I am trying to enable a flow where users of a web site can reset their passwords when ti has expired. I have enabled the maxAge configuration to make the password expire after 10 days. This works well and I get an expiry error. When I get this, I redirect the user to a change-password page where they need to enter the old and new passwords.
I am now stuck at how to verify the old password ! If I try to bind using the user's credentials, I get a password expiry error regardless of whether the password I provide is right or not. I know there is a Admin user - can I use it somehow to check th correctness of a user password even after its expired so that I can then change it to the new one? Thanks.
