If you already have the username and old password that you want to check, I just attempt to retrieve an access token. If it works, you know the old password is correct, then you can proceed in changing the password.

POST - /auth/realms/{realm}/protocol/openid-connect/token

headers.set("content-type", "application/x-www-form-urlencoded");

headers.set("accept", "application/json");

body.add("grant_type", “password”)

body.add("username", username);

body.add("password", password);

body.add(“client_id”, {clientId})

From: <keycloak-user-bounces@lists.jboss.org> on behalf of Stian Thorgersen <sthorger@redhat.com>
Reply-To: "stian@redhat.com" <stian@redhat.com>
Date: Monday, March 21, 2016 at 10:11 PM
To: Adrian Matei <adrianmatei@gmail.com>
Cc: keycloak-user <keycloak-user@lists.jboss.org>
Subject: Re: [keycloak-user] User old password verification via REST admin api

No, with the admin endpoints you can't retrieve the password, nor can you expect an admin to know the existing password so it shouldn't verify it either.

On 21 March 2016 at 14:35, Adrian Matei <adrianmatei@gmail.com> wrote:

Hi everyone,

Use case: "reset user password via REST admin API - PUT /admin/realms/{realm}/users/{id}/reset-password"

Is there a possibility to verify the user's old password before changing it, as is the case via the Account app?

Thanks,

Adrian

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user