Keycloak API Rest - check if password is correct

Hello,

Before my user can change the password in my web app gui, I would like to do a check if the current user knows the password.

Therefore I would like to have a simple check, like

  1. User enters a password in the GUI
  2. Check if this password matches the user's
  3. I will get a result “true” or “false”

Is there any chance to get the hashed password from the Keycloak REST API?
Or try a login (without creating a session in the background)?

How can I do this with the REST API (Version 23.0.1) ?

Why is your application messing with the users credentials?
If you decide to use Keycloak and OIDC/SAML, then the app should not be involved in managing user credentials. That is Keycloak's job.

If a user would like to change the password, I would do that directly in the app GUI and not in the GUI from Keycloak…

That would violate the separation of concerns; the further you can get the app away from the users' credentials, the better. You could redirect them to the corresponding option in the account console or have a generic “manage account” link to the account console.

Just for updating the password, there’s the required action responsible for that.
You can create a direct link to that action using e.g. this approach:

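As an added example (not code from the thread or from the Keycloak project), the following Python snippet shows the app-initiated approach described above: it builds the authorization request that triggers Keycloak's UPDATE_PASSWORD required action through the `kc_action` parameter and validates the redirect back to the app, so the application never touches the credential itself. The hostname, realm, client id and redirect URI are assumed values, and using the standard OIDC `max_age` parameter to force a fresh login before the action is an assumption as well.

```python
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for this example; replace them with your own deployment.
KEYCLOAK_BASE = "https://keycloak.example.com"     # assumed hostname
REALM = "myrealm"                                   # assumed realm
CLIENT_ID = "my-web-app"                            # assumed client id
REDIRECT_URI = "https://app.example.com/callback"   # assumed redirect URI


def build_update_password_url(state: str, max_age: Optional[int] = None) -> str:
    """Authorization request asking Keycloak to run the UPDATE_PASSWORD
    required action (application-initiated action) instead of the app
    handling the password itself."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid",
        "state": state,                      # CSRF token bound to this request
        "kc_action": "UPDATE_PASSWORD",      # Keycloak required action to run
    }
    if max_age is not None:
        # Assumption: OIDC max_age makes Keycloak re-authenticate the user if
        # the last login is older than this many seconds.
        params["max_age"] = str(max_age)
    return f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth?" + urlencode(params)


def check_callback(callback_url: str, expected_state: str) -> bool:
    """Validate the redirect back from Keycloak: the state must match the one
    we issued, no error may be present, and kc_action_status must be success."""
    qs = parse_qs(urlparse(callback_url).query)
    got_state = qs.get("state", [""])[0]
    if not secrets.compare_digest(got_state.encode(), expected_state.encode()):
        return False   # wrong or missing state: ignore the callback
    if "error" in qs:
        return False
    return qs.get("kc_action_status", [""])[0] == "success"


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_update_password_url(state, max_age=30))
```

The app only learns whether the action succeeded, was cancelled, or errored; the password check itself stays inside Keycloak.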
Thank you very much.
I think that's exactly what I need.

The only issue which I have:
I would like the user to always have to enter a password. How can I change the time from 5 minutes to e.g. 30 seconds?

Where can I override the “max-auth-age” ?

It's a password policy…