I want to implement a feature where the user can change their current password when already logged in.  In doing so I want them to authenticate their current password before being allowed to choose their next password.  Is there a way to do this that I am unaware of?  My issue is I can not authenticate the current password when already logged.

Thank you

James, 

At this time we do not expose an endpoint to reset a password in that manner.  We only allow for resetting a password via the rest API endpoint, which sends a reset link to the user's registered email address.

Thanks,

Hi James,

In addition to what Damien mentioned, it is possible to just change, rather than reset, the user's password in a manner similar to what you described.

If I understand correctly, you have a logged-in user that is using an auth token to make requests, and the problem is that you want to make sure they have the actual password before allowing them to change their password, rather than relying on that auth token as usual. One way to do that is to simply submit the user update request (the one for the password change) using the REST API, and authenticate that specific request using basic auth. As described here (http://devcenter.kinvey.com/rest/guides/security#basicauthentication), basic auth is simply a base-64 encoded string containing a username and password. Alternatively, you could make any authenticated REST request (for example, to https://baas.kinvey.com/user/your-app-id/_me) using basic auth and use its success or failure as a way to verify the user's username/password. The implementation details of constructing and sending this request will vary depending on how you access our service (through a client library or the REST API), but that is the gist.

Hope that helps!