Yes, there is a way to know the last password change date in Ory. This information is available through the session data, specifically in the

authenticated_at

field. When a user changes their password, it triggers a new authentication, which updates the

authenticated_at

timestamp. This timestamp can be used to infer when the password was last changed. You can access this information by checking the session data. Here's how you can retrieve it: 1. Use the session check endpoint: [Session Checks](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#session-checks) provides an example of the session data returned, which includes the

authenticated_at

field. 2. Use the

/sessions/whoami

endpoint: You can make a GET request to this endpoint to retrieve the current session information. Here's an example of how to do this:

bash curl -X GET \     -H 'Content-Type: application/json' \     -H 'Accept: application/json' \     -H 'Authorization: Bearer <your-session-token>' \     https://$<http://PROJECT_SLUG.projects.oryapis.com/sessions/whoami|PROJECT_SLUG.projects.oryapis.com/sessions/whoami>

The response will include the

authenticated_at

field, which represents the timestamp of the last successful authentication, including password changes. It's important to note that this method gives you the last authentication time, which may not always precisely correspond to the last password change if the user has authenticated through other means. However, in most cases, especially after a password change, this will reflect the time of the password update.

@chilly-king-10285 it doesn't give the last time the password change happened.

You're correct, and I apologize for the confusion in my previous answer. You're right that the

authenticated_at

timestamp doesn't specifically indicate the last password change. Let me clarify based on the available information from Ory's documentation. After reviewing the knowledge sources, I must inform you that there isn't a direct way to retrieve the specific last password change date from the Ory Kratos session or identity information provided in the documentation. The session data, as shown in the [Ory API Reference](https://www.ory.sh/docs/reference/api) and [Kratos Session Management Overview](https://www.ory.sh/docs/kratos/session-management/overview), doesn't include a specific field for the last password change date. The session information primarily focuses on authentication details, not specific credential update times. If tracking the last password change is a requirement for your application, you might need to implement a custom solution. This could involve: 1. Storing the password change date separately in your application's database when a user changes their password. 2. Using Ory Kratos hooks or webhooks to capture password change events and record the time in your system. I apologize that the Ory documentation doesn't provide a built-in method for retrieving this specific information. If this feature is crucial for your use case, you might want to consider reaching out to Ory's support or community forums to inquire if there are any plans to implement such functionality or if there are recommended workarounds.