Password verification via REST API

(Walker Crouse) #1

Hello I have a question regarding the REST API. I currently have a web service that shares account information with our Discourse instance using SSO. Everything works gorgeously and the user is able to authenticate with my service via the instance.

However, I’ve reached the point where I need a user to enter their password for certain actions just for added security. I need a way to verify the password against discourse even if the user is signed in on Discourse. Is this currently possible?

(Walker Crouse) #2

I suppose a way around this would be logging the user out with /admin/users/:id/log_out and then having them authenticate again with SSO but this is not ideal.