Thanks you two for your inputs,

In the end we've decided to overwrite the passwd.ftl and use the Keycloak-account backend functionality.

Best regards,
Adrian

On Tue, Mar 22, 2016 at 7:13 AM, Stian Thorgersen <sthorger@redhat.com> wrote:

Bear in mind that approach will result in a session being created, so I wouldn't recommend doing that to check password.

On 22 Mar 2016 01:44, "Doug Szeto" <DSzeto@investlab.com> wrote:
If you already have the username and old password that you want to check, I just attempt to retrieve an access token. If it works, you know the old password is correct, then you can proceed in changing the password.

POST - /auth/realms/{realm}/protocol/openid-connect/token

headers.set("content-type", "application/x-www-form-urlencoded");
headers.set("accept", "application/json");

body.add("grant_type", “password”)
body.add("username", username);
body.add("password", password);
body.add(“client_id”, {clientId})

From: <keycloak-user-bounces@lists.jboss.org> on behalf of Stian Thorgersen <sthorger@redhat.com>
Reply-To: "stian@redhat.com" <stian@redhat.com>
Date: Monday, March 21, 2016 at 10:11 PM
To: Adrian Matei <adrianmatei@gmail.com>
Cc: keycloak-user <keycloak-user@lists.jboss.org>
Subject: Re: [keycloak-user] User old password verification via REST admin api

No, with the admin endpoints you can't retrieve the password, nor can you expect an admin to know the existing password so it shouldn't verify it either.

On 21 March 2016 at 14:35, Adrian Matei <adrianmatei@gmail.com> wrote:
Hi everyone,

Use case: "reset user password via REST admin API - PUT /admin/realms/{realm}/users/{id}/reset-password

Is there a possibility to verify the user's old password before changing it, as is the case via the Account app?

Thanks,
Adrian 

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user