Auth - current password not required for password change?

I've implemented a password change form using await supabasePublic.auth.update({ password: data.password }) on the front end. I noticed it is in no way necessary to provide the old password to the API.

Is there any setting to require this? I couldn't find anything. This seems like a common security feature.