This endpoint facilitates the changing of an end user's password. One can choose to confirm their existing password prior to updating. Based on client settings configuration this endpoint will also check against a users previously saved passwords to prevent password reuse. The new password is validated against a repository of known database breaches for additional protection.
The change password workflow is used when you need to enable a user to change their existing password while the user is signed in to your application.
With the possession of a valid access token it is possible to call the change password endpoint to update a user's existing password. The change password endpoint supports the Password Guard feature of Next Identity Secure that prohibits and end user from reusing their current and some number of previous passwords.
With the /change-password
endpoint applications can choose to either validate against the user's current password or not.
Note about
/change-password
endpointYou'll need to pass in the bearer token in the header. In this use case, since the user has not logged in, you will get the token by initiating a forgot password email or SMS message to the end user.