Data protected with password
I'm working on iOS and Android apps and I have a scenario where user needs to change their username. I'd like to protect this operation with current password so only users who now the password can do this.
So after user inputs the required data (current password and new username) it's required to check if the password is correct. The only way I've found to check the password is to actually login the user again using the entered password. If login is successful I then update current user object.
Though the flow above seems to work I've run into an issue.
Because of the additional login I get the following error every time I try to perform any further fetch operations (note: multiple login is enabled):
FAULT = '3064' [Not existing user token - XXX. Relogin user to update your user token] <Not existing user token - XXX. Relogin user to update your user token>
One dirty workaround is once the update operation from above is completed, is to logout user and to login them again as part of the update operation. In this case I have to perform calls as the following:
- login in order to check if the password is correct
- logout user and login again to make sure token is correct (please note, I can't call logout before the first login since user may enter incorrect password which will lead to logout user state)
- perform actual password protected operation (username updating in this case)
What is the correct way to handle scenarios when password protection is required in order to perform any specific actions in the app?