Verify Current Password Before Changing to New One

Last Updated: Dec 16, 2024

Overview

A feature in the app lets a user change their password only after verifying the current password, but Auth0 does not provide any API endpoint, through either the Management API or the Authentication API, to verify the current password. Is there a way to have a user verify their current password before changing it to a new one?

Applies To

  • Password

Solution

Auth0 does not have an out-of-the-box method of achieving this use case. However, one potential method is to call the /oauth/token endpoint and use the Resource Owner Password Grant to verify the password entered by the user. This essentially requests a token again, but the password grant request can be made without redirecting to the login page.

The flow could be implemented by having the user enter their current password and then calling the endpoint; if you get back an access token, you know the user entered the correct password. If it is correct, change the user’s password.
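The flow above as an added example (not Auth0's own code), which separates a wrong password from responses that say nothing definite about it and only changes the password on a confirmed match. It assumes the Password grant is enabled for the application and a default directory is set on the tenant; the function names, the injectable `post` transport and the `set_new_password` callable are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def post_form(url, fields):
    """POST a form; return (status, JSON body). HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            return err.code, json.loads(err.read() or b"{}")
        except ValueError:
            return err.code, {}


def verify_current_password(domain, client_id, client_secret, username,
                            password, post=post_form):
    """Return 'verified', 'wrong_password' or 'undetermined'."""
    status, body = post(f"https://{domain}/oauth/token", {
        "grant_type": "password",  # Resource Owner Password Grant
        "username": username,
        "password": password,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    if status == 200 and body.get("access_token"):
        # The token only proves the password matched; it is discarded here.
        return "verified"
    if body.get("error") == "invalid_grant":
        # Assumed to be the error returned for a wrong username or password.
        return "wrong_password"
    # Anything else (MFA challenge, rate limiting, grant not enabled, outage)
    # says nothing definite about the password, so callers must not proceed.
    return "undetermined"


def change_password_after_check(check_result, set_new_password):
    """Run the app's password update (hypothetical callable) only on 'verified'."""
    if check_result != "verified":
        return False
    set_new_password()
    return True
```

Each failed verification is a failed login attempt from Auth0's point of view, so repeated wrong guesses count toward the tenant's brute-force protection.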
