bitter-arm-6486
01/07/2022, 4:41 PM
quick-apartment-80558
01/07/2022, 4:42 PM
bitter-arm-6486
01/07/2022, 4:43 PM
quick-apartment-80558
01/07/2022, 4:44 PM
bitter-arm-6486
01/07/2022, 4:45 PM
quick-apartment-80558
01/07/2022, 4:49 PM
bitter-arm-6486
01/07/2022, 4:50 PM
proud-plumber-24205
01/07/2022, 4:51 PM
`privileged_session_max_age`
https://www.ory.sh/kratos/docs/self-service/flows/user-settings#updating-privileged-fields
Setting this to a value such as 15m would mean that the user would need to first verify themselves before updating their password once the session is older than 15 minutes.
> As far as I know other than logging in there's no separate password verification endpoint
No, logging in is the password verification 🙂 and setting `privileged_session_max_age` to a value that's acceptable in your use case would be secure enough. Example: The user logged in and has a full 15 minutes to update their password. Once this time-frame has expired, the user is required to verify themselves again with a login flow. This is enough to prevent someone else from updating their information.
bitter-arm-6486
01/07/2022, 4:55 PM
proud-plumber-24205
01/07/2022, 4:58 PM
bitter-arm-6486
01/07/2022, 4:58 PM