Require old password on change password (user account service)

Hi Guys,

I’m a new user of Keycloak. I just want to ask how to require the old password when updating the password on the account page.

Thanks

The built-in password update functionality doesn’t allow that. It would be possible to build a custom authenticator and replace that. Docs and files you would override are here:

https://www.keycloak.org/docs/latest/server_development/#_auth_spi

Or if you don’t need it on the same form you should be able to require the old password in a custom flow for credentials reset.


Hi bpedersen2, how can I enable that? I think your solution is much better for me because I don’t want to modify the source code.

Check Server Administration Guide and Server Administration Guide


Hi, for anyone who’s trying to solve this issue: I managed to fix it by changing the account theme.

keycloak server > realm > realm settings > themes > account theme

and use keycloak theme.

Hey guys, what is the link of the update password page? I can’t get it, guys!

Hello everyone, I did a small demo for changing password with validating old password.

You can check it here

This functionality can now (since a few versions) be configured directly in Keycloak itself.
Go to the required action “Update Password”, click on the cog icon (⚙) and set the Maximum Age of Authentication to 0. This way, the users will always be forced to re-authenticate (aka entering the current password) before updating their password. No need for custom code.