Assuming I’m logged into an application and have a Keycloak token, now I want to check if the entered password is correct before executing the password.
Please help me write this method in Java; I have tried searching on both Google and ChatGPT but have not found a solution.
I am assuming you are trying to do this using the Admin REST API.
An option is to initiate a login session with the username and password, and if it’s successful, you can return true, and false otherwise.
But I have already logged in and have a JWT token. So this solution is not feasible.
I don’t think I understood your initial question. What do you mean by “before executing the password”?
Are you trying to implement a password change?
Yes, I will have two steps:
- Check if the current password is correct, assuming the user has already logged in.
- If step 1 passes, we will update to the new password.
But I am stuck at step 1.
Okay. So my initial answer is feasible. I am aware the user is logged in and already has a token, and that does not stop you from initiating another login session.
So here are my (hacky) recommended steps:
- Log in the user
- User clicks change pass
- Ask for the old pass
- Initiate a login session with the username and password in some Java method that returns true if the password login session gets initiated successfully.
- Update the password if true.
- Log the user out from all sessions because of the password change
An alternative to this would be to just use account reset function which creates a new password without verifying old password but makes use of email verification.
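The check from the steps above, as an added example that is not code from the thread: it sends a Resource Owner Password Credentials request to the realm's token endpoint and returns true only if Keycloak issues a token. The server URL, realm name, client id and client secret are assumed placeholders; the client must have "Direct Access Grants Enabled" in Keycloak, and the method deliberately distinguishes a rejected password (401 invalid_grant) from any other failure so that a misconfiguration is never reported as "wrong password".

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.stream.Collectors;

public class KeycloakPasswordCheck {

    // Assumed values: replace with your Keycloak base URL, realm and client.
    private static final String TOKEN_URL =
            "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/token";
    private static final String CLIENT_ID = "account-app";          // hypothetical confidential client
    private static final String CLIENT_SECRET = "<client-secret>";  // placeholder, read from config

    private static final HttpClient HTTP = HttpClient.newHttpClient();

    /** Step 1 of the change-password flow: true only if Keycloak accepts username/password. */
    public static boolean isCurrentPasswordValid(String username, String password) throws Exception {
        String body = form(Map.of(
                "grant_type", "password",
                "client_id", CLIENT_ID,
                "client_secret", CLIENT_SECRET,
                "username", username,
                "password", password));
        HttpRequest request = HttpRequest.newBuilder(URI.create(TOKEN_URL))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
        HttpResponse<String> response = HTTP.send(request, HttpResponse.BodyHandlers.ofString());

        // 200: credentials accepted (a token was issued).
        // 401 + "invalid_grant": Keycloak rejected the credentials, i.e. wrong password.
        // Anything else (disabled direct grants, bad client secret, server down) is an error,
        // not a "wrong password", so the caller must not treat it as a failed check.
        if (response.statusCode() == 200) return true;
        if (response.statusCode() == 401 && response.body().contains("invalid_grant")) return false;
        throw new IllegalStateException("Unexpected token endpoint response: " + response.statusCode());
    }

    // Percent-encodes the fields as an application/x-www-form-urlencoded body.
    private static String form(Map<String, String> fields) {
        return fields.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }
}
```

A successful response also carries a refresh_token for the verification login; post it to the realm's openid-connect/logout endpoint (with the client id and secret) so the check does not leave an extra session behind, and rate-limit calls to this method since each one is a password attempt against Keycloak.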
Thanks, I will use your way.