Reauthentication for sensitive functionality (step-up authentication)

In my application, there are some sensitive functionalities that can be performed by all types of users. What I want is this: when the user has an active Keycloak session and accesses the application to perform the above sensitive functionalities, verify the user again using their password. By re-authenticating, what I expect is to ensure that the mentioned sensitive functionality is performed by the legitimate user. Does Keycloak have such re-authentication functionality built in?

reference: Require Re-authentication for Sensitive Features of Authentication - OWASP Cheat Sheet Series

Assuming you’re using OIDC, you can do a redirect to the login with prompt=login set, which will force the user to re-authenticate.

The step-up auth feature is currently under discussion and will hopefully be integrated soon. There are a lot of people waiting for this:

Issue: [KEYCLOAK-847] Step-up Authentication - Red Hat Issue Tracker
PR + current discussions: KEYCLOAK-847 Add support for step up authentication by CorneliaLahnsteiner · Pull Request #7897 · keycloak/keycloak · GitHub
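Putting the prompt=login suggestion above into practice, as an added example that is not code from this thread or from Keycloak: the relying party builds the forced-login authorization request and then checks the returned ID token's auth_time claim, since prompt=login on its own proves nothing until the token confirms a fresh authentication. The base URL, realm, client id and redirect URI are constructed placeholders; the endpoint path assumes Keycloak's standard OIDC layout.

```python
import time
from urllib.parse import urlencode

KEYCLOAK_BASE = "https://sso.example.test"    # constructed placeholder
REALM = "demo"                                # constructed placeholder
CLIENT_ID = "payments-app"                    # constructed placeholder
REDIRECT_URI = "https://app.example.test/cb"  # constructed placeholder

# How recent the re-authentication must be for a sensitive action (seconds).
MAX_AUTH_AGE = 300


def step_up_login_url(state: str, nonce: str) -> str:
    """Build the authorization request that forces a fresh login.

    prompt=login makes the OP show the login form even when the user has a
    live SSO session; max_age additionally states the freshness we require,
    which obliges the OP to include auth_time in the ID token.
    """
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "prompt": "login",
        "max_age": str(MAX_AUTH_AGE),
        "state": state,
        "nonce": nonce,
    }
    # Assumed Keycloak endpoint path: /realms/<realm>/protocol/openid-connect/auth
    return f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth?" + urlencode(params)


def reauth_is_fresh(id_token_claims: dict, expected_nonce: str, now=None) -> bool:
    """Decide whether the ID token proves a recent, bound re-authentication.

    Signature, issuer, audience and expiry validation are assumed to have
    passed before this is called. Here we check only the step-up specifics:
    auth_time must be present and within MAX_AUTH_AGE, and the nonce must
    tie the token to the step-up request we issued.
    """
    now = time.time() if now is None else now
    auth_time = id_token_claims.get("auth_time")
    if not isinstance(auth_time, (int, float)):
        return False  # missing auth_time: cannot prove freshness, deny
    if id_token_claims.get("nonce") != expected_nonce:
        return False  # token was not issued for this step-up request
    return 0 <= now - auth_time <= MAX_AUTH_AGE
```

Only when reauth_is_fresh returns True should the application let the sensitive action proceed; a stale or unbound token falls back to issuing a new step_up_login_url redirect.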