Verify Current Password Before Changing to New One

Problem statement

We have a feature in our app that enables a user to change the password only after verifying the current password but Auth0 does not provide any API endpoint through Management API or Authentication API to verify the current password. Is there a way to have a user verify their current password before changing it to a new one?

Solution

Auth0 doesn’t have an out-of-the-box method of achieving this use case. However, one potential method would be to call the /oauth/token endpoint and use the Resource Owner Password Grant

https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-resource-owner-password-flow

to verify the password entered by a user. This essentially requests a token again but you can perform the password grant auth request without redirecting to the login page.

Your flow could be implemented by having the user enter their password, then you call the endpoint and if you get back an access token then you know the user entered the correct password. If correct, you can then change the user’s password.