Hello ORY team,I am new to the ORY network and I'm working on a function to update a user's password. I would like to add a step where the user must provide their current password, along with the new password they wish to set. The server needs to check if the provided current password is correct, and if it is, update the password to the new one. I'm using the ory/client library and I'm not sure how to perform the password verification step. Can you please assist me with this issue?

Hi @adventurous-baker-56676 When requesting the settings flow (used to update password), a privileged session is required - which means even though the user is logged in, their privileged session has a shorter duration than the logged in session lifespan. The settings flow will thus give you an error back when you create it when the user has no privileged session, forcing the user to do a login flow. You can also force a re-authentication step from your side by adding the

?refresh=true

query parameter to the create login flow. https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration#refreshing-user-session

Thanks for sharing the link. I looked at the solution and it was really helpful. I appreciate your help on this. Thanks again!