<p dir="ltr">Bear in mind that approach will result in a session being created, so I wouldn't recommend doing that to check the password.</p>
<div class="gmail_quote">On 22 Mar 2016 01:44, "Doug Szeto" &lt;<a href="mailto:DSzeto@investlab.com">DSzeto@investlab.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<div>
<div>
<div>If you already have the username and old password that you want to check, I just attempt to retrieve an access token. If it works, you know the old password is correct, then you can proceed in changing the password.</div>
<div><br>
</div>
<div>POST - /auth/realms/{realm}/protocol/openid-connect/token</div>
<div>
<div><br>
</div>
<div>headers.set("content-type", "application/x-www-form-urlencoded");</div>
<div>headers.set("accept", "application/json");</div>
</div>
<div>
<div><br>
</div>
<div>body.add("grant_type", "password");</div>
<div>body.add("username", username);</div>
<div>body.add("password", password);</div>
<div>body.add("client_id", {clientId});</div>
</div>
<div>
<div></div>
</div>
</div>
</div>
<div><br>
</div>
<span>
<div style="font-family:Calibri;font-size:12pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt">
<span style="font-weight:bold">From: </span>&lt;<a href="mailto:keycloak-user-bounces@lists.jboss.org" target="_blank">keycloak-user-bounces@lists.jboss.org</a>&gt; on behalf of Stian Thorgersen &lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;<br>
<span style="font-weight:bold">Reply-To: </span>"<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>" &lt;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;<br>
<span style="font-weight:bold">Date: </span>Monday, March 21, 2016 at 10:11 PM<br>
<span style="font-weight:bold">To: </span>Adrian Matei &lt;<a href="mailto:adrianmatei@gmail.com" target="_blank">adrianmatei@gmail.com</a>&gt;<br>
<span style="font-weight:bold">Cc: </span>keycloak-user &lt;<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;<br>
<span style="font-weight:bold">Subject: </span>Re: [keycloak-user] User old password verification via REST admin api<br>
</div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">No, with the admin endpoints you can't retrieve the password, nor can you expect an admin to know the existing password so it shouldn't verify it either.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 21 March 2016 at 14:35, Adrian Matei <span dir="ltr">
&lt;<a href="mailto:adrianmatei@gmail.com" target="_blank">adrianmatei@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi everyone,
<div><br>
Use case: "reset user password via REST admin API - <span style="color:rgba(0,0,0,0.901961);font-family:'Droid Sans Mono','DejaVu Sans Mono',monospace;font-size:0.90625em;line-height:1.45;white-space:pre-wrap;background-color:rgb(247,247,248)">PUT /admin/realms/{realm}/users/{id}/reset-password</span>" </div>
<div><br>
</div>
<div>Is there a possibility to verify the user's old password before changing it, as is the case via the Account app?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Adrian </div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
</div>
</blockquote></div>
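<p>Added example, not part of the original thread or of Keycloak's own code: a Python sketch of the password-grant check described above that also ends the session the grant creates, by posting the returned refresh token to the realm's OpenID Connect logout endpoint. It assumes a public client with direct access grants enabled and that a wrong password is reported as HTTP 401 with error <code>invalid_grant</code>; the function names, the injectable <code>post</code> parameter and the sample host used to exercise it are hypothetical.</p>

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def _post_form(url, fields):
    """POST a urlencoded form; return (status, parsed JSON body or {})."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw or b"{}")
    except ValueError:
        return status, {}


def verify_old_password(base_url, realm, client_id, username, password,
                        post=_post_form):
    """Return True/False for the credentials; raise if the answer is inconclusive."""
    oidc = (f"{base_url}/auth/realms/{urllib.parse.quote(realm)}"
            "/protocol/openid-connect")
    status, body = post(oidc + "/token", {
        "grant_type": "password", "client_id": client_id,
        "username": username, "password": password})
    if status == 200 and "access_token" in body:
        # The grant created a session: end it so repeated checks do not pile up.
        if "refresh_token" in body:
            post(oidc + "/logout", {"client_id": client_id,
                                    "refresh_token": body["refresh_token"]})
        return True
    # Assumption: a wrong password comes back as 401 + invalid_grant.
    if status == 401 and body.get("error") == "invalid_grant":
        return False
    # Disabled client, locked account, outage: do not report this as a bad password.
    raise RuntimeError(f"inconclusive token response: {status} {body.get('error')}")
```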