Is the token endpoint the only way to authenticate a user's credentials?

Is the token endpoint the only way to authenticate a user’s credentials?

How would I be able to re-authenticate a user’s current password? This is in situations where the user trying to perform actions that require re-entering their password.

I know I could perform an implicit password token call but this creates a new token session. Is there any concern with doing it this way or is there a more appropriate method?

Any help would be appreciated.