https://supertokens.com/ logo
password question
s

SantiMNV

04/04/2023, 8:16 AM
But I have a question, I want my user to retype his password everytime that changes a field in my db (username for example) how can I check the password is correct?
r

rp

04/04/2023, 8:22 AM
hey @SantiMNV - can you rephrase the question please?
s

SantiMNV

04/04/2023, 8:36 AM
Sure. I am making an update profile page. I want the user to write his password before making the db updates. So I wonder if there would be some way that I send supertokens a userid or session and it's password and check if it is correct or not It is correct I would do the updates on my db and if it is not, I will not update in the db
Many websites have similar systems for changing important fields, such us username or credit card
r

rp

04/04/2023, 8:38 AM
right. So this can be done by calling the emailpassword.signIn function from the backend SDK. This would take an email and a password as an input, and return if it's OK or not. You can get the email from the session's user ID, and the password can be entered by the user when making the API call. Finally, you want to have some sort of payload in the access token indicating when was the last time they did this step-up-auth, and only ask the user to this when if the session indicates that they last entered that password some time ago.
st-bot-test-case
s

SantiMNV

04/04/2023, 8:42 AM
Yes, that's exactly what I want, I will implement it right now, thank you very much! And thanks to all fastapi docs!