Hi, our Keycloak is using a federated database where users, roles and permissions are stored.
We also implemented a custom provider to handle the authentication flow as well as the “Confirm new password” flow.
The problem comes when we need to update the new password: the backend (REST API) that actually performs the update operation in the database requires as input the “old password” in clear text. Our database has all the passwords hashed so there is no option to reverse it.
It is also important to note that we are using “NO_CACHE” option for the User Federation provider.
Do you know if Keycloak JAVA API provides a way to read or get the password entered before confirming the new one?
Thanks in advance.