search

realm / realm-js

Realm is a mobile database: an alternative to SQLite & key-value stores
https://realm.io
Apache License 2.0
5.76k stars 572 forks source link

API for confirming user's current password #5886

Open devsales opened 1 year ago

devsales commented 1 year ago

Problem

When using the Email/Password Auth Provider there is no way of asking the user to confirm his/her current password. This would be nice to have in the following use-cases:

  1. Allow login with a username additionally to the email/username provided on registration.
  2. Confirm current password when setting a new password as a first check before sending the confirmation link
  3. ... (some other use-cases where confirming the current password would be useful)

Solution

Something like await app.emailPasswordAuth.confirmCurrentPassword(password) would be nice to have.

Alternatives

For login with an additional username there is currently no alternative, as far as I know. For resetting password there is the confirmation link sent via email or something else.

How important is this improvement for you?

I would like to have it but have a workaround

Feature would mainly be used with

Atlas App Services: Auth or Functions etc

kneth commented 1 year ago

@devsales Thank you for the proposal/feature request.

You are right - we don't have such a method at the moment - neither in the SDK nor server-side. My best idea for now is to try to log in the user and see if it fails.

I can't give you a timeline for when we will work on your request, and I will leave the issue open. To other users: if you could use something similar to this, consider explaining your use case and/or give the issue a 👍🏻