Bear in mind that approach will result in a session being created, so I wouldn't recommend doing that to check password. On 22 Mar 2016 01:44, "Doug Szeto" <DSzeto(a)investlab.com&gt; wrote: > If you already have the username and old password that you want to check, > I just attempt to retrieve an access token. If it works, you know the old > password is correct, then you can proceed in changing the password. > > POST - /auth/realms/{realm}/protocol/openid-connect/token > > headers.set("content-type", "application/x-www-form-urlencoded"); > headers.set("accept", "application/json"); > > body.add("grant_type", “password”) > body.add("username", username); > body.add("password", password); > body.add(“client_id”, {clientId}) > > From: <keycloak-user-bounces(a)lists.jboss.org&gt; on behalf of Stian > Thorgersen <sthorger(a)redhat.com&gt; > Reply-To: &quot;stian(a)redhat.com&quot; <stian(a)redhat.com&gt; > Date: Monday, March 21, 2016 at 10:11 PM > To: Adrian Matei <adrianmatei(a)gmail.com&gt; > Cc: keycloak-user <keycloak-user(a)lists.jboss.org&gt; > Subject: Re: [keycloak-user] User old password verification via REST > admin api > > No, with the admin endpoints you can't retrieve the password, nor can you > expect an admin to know the existing password so it shouldn't verify it > either. > > On 21 March 2016 at 14:35, Adrian Matei <adrianmatei(a)gmail.com&gt; wrote: > >> Hi everyone, >> >> Use case: "reset user password via REST admin API - PUT >> /admin/realms/{realm}/users/{id}/reset-password" >> >> Is there a possibility to verify the user's old password before changing >> it, as is the case via the Account app? >> >> Thanks, >> Adrian >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >