
Validating old password before changing password

What's the recommended way to validate the old password before changing the password?



With the older version of the SDK I was able to compare the entered password with the current password:

[_user.password isEqualToString:password];



and if that is successful, update the password using:

[user changePassword:password completionBlock:^(NSArray *objectsOrNil, NSError *errorOrNil) {

}];



Looks like the user.password is no longer accessible in the new SDK, so how should we validate the old password?



Thanks,

Arun

Thanks, the library does not support this out of the box. You can hold on to the old password in the keychain or you can write a custom endpoint to take both the new and old passwords, validate the old and then change to the new.
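The custom-endpoint option from the reply above, as an added example that is not part of the original thread or of the SDK. The in-memory `users` map, the function names, the scrypt hashing and the lockout threshold are all assumptions standing in for the backend's real user store and session handling.

```javascript
const crypto = require("crypto");

const MAX_FAILURES = 5;   // assumed lockout threshold
const users = new Map();  // constructed in-memory stand-in for the backend user store

// Store a salted scrypt hash, never the plaintext password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Recompute the hash with the stored salt and compare in constant time.
function verifyPassword(password, record) {
  const candidate = crypto.scryptSync(password, Buffer.from(record.salt, "hex"), 32);
  return crypto.timingSafeEqual(candidate, Buffer.from(record.hash, "hex"));
}

function createUser(username, password) {
  users.set(username, { ...hashPassword(password), failures: 0 });
}

// Hypothetical endpoint body. `username` must come from the authenticated
// session, not from the request body, so one user cannot target another.
function changePassword(username, oldPassword, newPassword) {
  if (typeof oldPassword !== "string" || typeof newPassword !== "string") {
    return { status: 400, error: "both passwords are required" };
  }
  const user = users.get(username);
  if (!user) return { status: 401, error: "invalid credentials" };
  if (user.failures >= MAX_FAILURES) return { status: 429, error: "too many attempts" };
  if (!verifyPassword(oldPassword, user)) {
    user.failures += 1; // throttle guessing of the old password
    return { status: 401, error: "invalid credentials" };
  }
  if (newPassword.length < 8 || newPassword === oldPassword) {
    return { status: 400, error: "new password rejected" };
  }
  Object.assign(user, hashPassword(newPassword), { failures: 0 });
  return { status: 200 };
}
```

Because the old password is checked on the server against a stored hash, the app never needs to keep a copy of it on the device.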
Yep same here;



Most change password functions ask the user to type in the "current (old) password", "new password", and "confirm new password". We can validate that the new password and the confirm new password fields are equal within the app, but how should we validate that the old password is correct before proceeding to change the new password?



Thanks,

Arun
In my case, I might need to offer a password change function, where the user has to validate the old password before being allowed to change it.
Arun,



I am not sure what you are trying to do here? You can send the changePassword: message even if the password is the same or not. The password was removed because there is no need for it once the user logs in, and keeping it around is a security risk. If your application requires doing additional things with the password other than log-in, first reconsider, and then if not, store the password using your application code (in the keychain).
I've been wondering this as well.