A way to re-authenticate a user #14239

Open
2 tasks
Mitelak opened this issue Feb 24, 2025 · 0 comments
Labels
pending-maintainer-response Issue is pending a response from the Amplify team. pending-triage Issue is pending triage


Mitelak commented Feb 24, 2025

Is this related to a new or existing framework?

No response

Is this related to a new or existing API?

Authentication

Is this related to another service?

No response

Describe the feature you'd like to request

I have a potentially destructive operation, like changing the account email. To confirm it's "safe" to change that email, on the backend, we check auth_time to be a recent one.

In v5, we ask users for their password and call signIn with it so they get a fresher auth_time.
In v6, it is no longer possible to call signIn on the authenticated user.

What's the best way to solve this in v6?
Is there any option to update auth_time, bypass assertUserNotAuthenticated, or ask for re-entering password as a form of confirmation?

Describe the solution you'd like

For the auth_time use case:

  • an additional option for the signIn method to bypass the user authentication check
  • a direct export of more low-level methods like signInWithUserPassword
  • another way to bump this value, like a revalidatePassword or something

The password confirmation use case in general:

  • a method for confirming the user's password that updates a property similar to auth_time, like password_confirmation_time
  • any other way to confirm that the user passed the correct password, while being already authenticated

Describe alternatives you've considered

There is a hack that could mimic the v5 behavior:

  1. Backup cookies
  2. Sign out
  3. Try to sign in
  4. If error, bring back backup; if successful, do nothing

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change
@github-actions github-actions bot added pending-triage Issue is pending triage pending-maintainer-response Issue is pending a response from the Amplify team. labels Feb 24, 2025
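
The backend check the issue describes (requiring a recent auth_time before a sensitive change), as an added example that is not code from the issue or from Amplify. It assumes the token's signature, issuer, audience and expiry were already verified upstream; `checkRecentAuth`, `handleEmailChange`, the 5-minute window and the 30-second skew tolerance are hypothetical names and values.

```javascript
// Added example: backend freshness check on the auth_time claim.
// Assumption: `claims` is the payload of a token whose signature, issuer,
// audience and expiry were already verified by the caller.
const MAX_AUTH_AGE_SEC = 300; // assumed policy: re-auth within 5 minutes
const CLOCK_SKEW_SEC = 30;    // assumed tolerance between servers

function checkRecentAuth(claims, nowSec, maxAgeSec = MAX_AUTH_AGE_SEC) {
  const authTime = claims ? claims.auth_time : undefined;
  // Reject strings, floats, NaN and negatives rather than coercing them.
  if (!Number.isSafeInteger(authTime) || authTime <= 0) {
    return { ok: false, reason: 'auth_time_missing_or_malformed' };
  }
  // A timestamp from the future would otherwise always look "fresh".
  if (authTime > nowSec + CLOCK_SKEW_SEC) {
    return { ok: false, reason: 'auth_time_in_future' };
  }
  const ageSec = Math.max(0, nowSec - authTime);
  if (ageSec > maxAgeSec) {
    return { ok: false, reason: 'auth_time_too_old', ageSec };
  }
  return { ok: true, ageSec };
}

// Hypothetical handler for the sensitive operation (email change).
function handleEmailChange(claims, newEmail, nowSec) {
  const fresh = checkRecentAuth(claims, nowSec);
  if (!fresh.ok) {
    // Tell the client to re-authenticate instead of performing the change.
    return { status: 401, error: 'reauthentication_required', reason: fresh.reason };
  }
  return { status: 200, sub: claims.sub, email: newEmail };
}

// Constructed sample claims (not real tokens).
const NOW = 1740400000;
const samples = {
  fresh: { sub: 'user-1', auth_time: NOW - 60 },
  stale: { sub: 'user-1', auth_time: NOW - 3600 },
  future: { sub: 'user-1', auth_time: NOW + 600 },
  stringy: { sub: 'user-1', auth_time: String(NOW) },
  missing: { sub: 'user-1' },
};
for (const [name, claims] of Object.entries(samples)) {
  console.log(name, JSON.stringify(handleEmailChange(claims, 'new@example.test', NOW)));
}
```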