Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Ehy guys, in the settings flow can I “force” the user to have to send their password to be able to change any trails or the same password? Currently, in the settings flow, the user can change any value simply by sending a request with the new value, what I want to do is that the user is forced to send their current password in said request as well.

have a look at <https://www.ory.sh/docs/kratos/session-management/overview#privileged-sessions>
you could use that in combination with `metadata_public` to write a custom update handler that enforces the privileged session state