
Password Verification

Description

When a user needs to change their password in your application, you may need to verify their existing password for security reasons. Since Backendless stores passwords in encrypted form and never returns the password value, you need to use the API call documented below to implement password verification. The API checks the provided password value against the one stored in the database. The user must be logged in: Backendless verifies the provided value for the currently logged-in user.

This functionality can be used only in CloudCode (Java, JS or Codeless). The reason for this restriction is that malicious use of this API can easily compromise the application's security, so the API must be used from a controlled environment.

Method

public boolean Backendless.UserService.verifyPassword( String password )

where:

Argument       Description
passwordValue  Value to check against the password stored in the database. String value.

Return Value

true if the password is correct, otherwise false.

Example

The example below verifies the password "wonderland" against the password stored in the Backendless database.

// To verify the password you must have an active session/user-token.
String email = "<user email>";
String password = "<user password>";
Backendless.UserService.login( email, password, true );

// Once logged in, you can verify the password.
boolean isPasswordVerified = Backendless.UserService.verifyPassword( password );
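
One way to keep a CloudCode service built on this check from being used for unlimited password guesses is to cap consecutive failed checks per user. The class below is an added example, not Backendless code; the names PasswordCheckGuard, MAX_FAILURES and LOCK_MILLIS and the policy values are assumptions, and the verifier is passed in as a function so the example runs offline.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

// Added example (not Backendless code): caps consecutive failed password checks per user.
public class PasswordCheckGuard {
    private static final int MAX_FAILURES = 5;            // assumed policy value
    private static final long LOCK_MILLIS = 15 * 60_000L; // assumed lockout window

    private static final class State { int failures; long lockedUntil; }

    private final Map<String, State> states = new ConcurrentHashMap<>();
    private final Predicate<String> verifier;

    // In CloudCode, pass Backendless.UserService::verifyPassword as the verifier.
    public PasswordCheckGuard(Predicate<String> verifier) { this.verifier = verifier; }

    /** Returns true only if the user is not locked out and the password matches. */
    public boolean check(String userId, String password, long nowMillis) {
        State s = states.computeIfAbsent(userId, k -> new State());
        synchronized (s) {
            if (nowMillis < s.lockedUntil) return false;   // locked: the verifier is not called
            if (verifier.test(password)) { s.failures = 0; return true; }
            if (++s.failures >= MAX_FAILURES) {            // too many misses: start the lockout
                s.lockedUntil = nowMillis + LOCK_MILLIS;
                s.failures = 0;
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for the Backendless call so the example runs offline.
        PasswordCheckGuard guard = new PasswordCheckGuard("wonderland"::equals);
        long t = 0;
        for (int i = 1; i <= 5; i++)
            System.out.println("wrong guess " + i + ": " + guard.check("alice", "guess" + i, t));
        System.out.println("correct while locked: " + guard.check("alice", "wonderland", t + 1000));
        System.out.println("correct after lockout: " + guard.check("alice", "wonderland", t + LOCK_MILLIS));
    }
}
```

The counters here live in memory for simplicity; a deployed service would need to keep them in persistent storage so they survive between invocations.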

Codeless Reference

[Image: user_service_codeless_verify_current_user_password]

Returns true if the password is correct, otherwise false.

Consider the following record in the Users data table:
[Image: user_service_codeless_example_get_user_roles_example_1]

The example below logs in as "alice@wonderland.com" to obtain the user token, which is required for this operation. Then it verifies the user password and returns true since the passwords match.

[Image: user_service_codeless_example_verify_current_user_password]