The only topics I’ve seen about this are several years old now, so I guess I’m asking for an up-to-date answer. I need to allow users to change their passwords within the app (that is, after having logged in), but before being able to do so they would need to verify their existing password for security reasons. Looking at the API documentation I found the following link however it says:
This functionality is available only in Cloud Code/Business Logic
Does this mean I am unable to contact the REST API from my client app in order to verify the user’s existing password? Why would that be the case?
The reason for this is it opens up a security hole if this functionality is available from the clients side. This is the type of operation that must be performed from a “trusted environment” and Cloud Code is that kind of environment. To initiate password verification from the client app, you’d need to create an API service that would verify the password and invoke that service from your app.
Hey @Klaas_Klever, looking at the discussion you’re linking, I think using the login API would be a quick workaround (without me having to put together some custom business logic). In my case, I only allow users to login once (no multiple logins). Would it prevent the issue of multiple logins piling up? Thanks!
Hey @mark-piller, what’s the quickest way to implementing such service? Is it possible to wrap some simple code around the same Cloud Code endpoint? On that note about trusted environments, how do I ensure my client app counts as a trusted environment to Backendless?