<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>
<div>If you already have the username and old password that you want to check, I just attempt to retrieve an access token. If it works, you know the old password is correct, and you can then proceed to change the password.</div>
<div><br>
</div>
<div>POST - /auth/realms/{realm}/protocol/openid-connect/token</div>
<div>
<div><br>
</div>
<div>headers.set("content-type", "application/x-www-form-urlencoded");</div>
<div>headers.set("accept", "application/json");</div>
</div>
<div>
<div><br>
</div>
<div>body.add("grant_type", "password");</div>
<div>body.add("username", username);</div>
<div>body.add("password", password);</div>
<div>body.add("client_id", {clientId});</div>
</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE"></div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span><<a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a>> on behalf of Stian Thorgersen <<a href="mailto:sthorger@redhat.com">sthorger@redhat.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>"<a href="mailto:stian@redhat.com">stian@redhat.com</a>" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
<span style="font-weight:bold">Date: </span>Monday, March 21, 2016 at 10:11 PM<br>
<span style="font-weight:bold">To: </span>Adrian Matei <<a href="mailto:adrianmatei@gmail.com">adrianmatei@gmail.com</a>><br>
<span style="font-weight:bold">Cc: </span>keycloak-user <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [keycloak-user] User old password verification via REST admin api<br>
</div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">No, with the admin endpoints you can't retrieve the password, nor can you expect an admin to know the existing password so it shouldn't verify it either.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 21 March 2016 at 14:35, Adrian Matei <span dir="ltr">
<<a href="mailto:adrianmatei@gmail.com" target="_blank">adrianmatei@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi everyone,
<div><br>
Use case: "reset user password via REST admin API - <span style="color:rgba(0,0,0,0.901961);font-family:'Droid Sans Mono','DejaVu Sans Mono',monospace;font-size:0.90625em;line-height:1.45;white-space:pre-wrap;background-color:rgb(247,247,248)">PUT /admin/realms/{realm}/users/{id}/reset-password</span>" </div>
<div><br>
</div>
<div>Is there a possibility to verify the user's old password before changing it, as is the case via the Account app?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Adrian </div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
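<div>Added example, not part of the original messages and not Keycloak project code: the token request described in the reply above, with the response classified so that only a credential rejection counts as "old password wrong" and any other failure stops the password change. The function names, the injectable <code>send</code> parameter and the host used in testing are hypothetical; it assumes a public client (no client secret) that has direct access grants enabled.</div>

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(base_url, realm, client_id, username, password):
    """Build the password-grant POST from the reply above."""
    url = "%s/auth/realms/%s/protocol/openid-connect/token" % (
        base_url.rstrip("/"), urllib.parse.quote(realm, safe=""))
    # urlencode escapes characters such as '&', '+' and '=' inside the password.
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def classify_token_response(status, raw_body):
    """True: token issued. False: credentials rejected. Otherwise raise."""
    try:
        doc = json.loads(raw_body or b"{}")
    except ValueError:
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    if status == 200 and "access_token" in doc:
        return True  # the token is only proof of the password; do not store or log it
    # RFC 6749 section 5.2: invalid_grant covers rejected user credentials.
    if doc.get("error") == "invalid_grant":
        return False
    # Disabled grant type, unknown client, outage: no verdict on the password,
    # so fail closed instead of returning True or False.
    raise RuntimeError("token endpoint: HTTP %s %s" % (status, doc.get("error")))


def verify_old_password(base_url, realm, client_id, username, password,
                        send=urllib.request.urlopen):
    """`send` is injectable (assumption) so the check can run without a server."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a password over a non-TLS URL")
    req = build_token_request(base_url, realm, client_id, username, password)
    try:
        with send(req, timeout=10) as resp:
            return classify_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return classify_token_response(err.code, err.read())
```

<div>A <code>False</code> result means the server rejected the credentials; the server may use the same error code for other rejections, so treat it as "not verified" and do not proceed to the password change.</div>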
</body>
</html>