But I have a question, I want my user to retype his password everytime that changes a field in my db (username for example) how can I check the password is correct?

hey @SantiMNV - can you rephrase the question please?

Sure. I am making an update profile page. I want the user to write his password before making the db updates. So I wonder if there would be some way that I send supertokens a userid or session and it's password and check if it is correct or not It is correct I would do the updates on my db and if it is not, I will not update in the db

right. So this can be done by calling the emailpassword.signIn function from the backend SDK. This would take an email and a password as an input, and return if it's OK or not. You can get the email from the session's user ID, and the password can be entered by the user when making the API call. Finally, you want to have some sort of payload in the access token indicating when was the last time they did this step-up-auth, and only ask the user to this when if the session indicates that they last entered that password some time ago.

Yes, that's exactly what I want, I will implement it right now, thank you very much! And thanks to all fastapi docs!