Currently during a change password operation, UAA has a hard coded check preventing the use of the most recent password.  Has there been any work on customizing this behavior to preventing the last X passwords from being used?  If not, is there interest in me building this feature and offering it as a pull request because we have a use case for this functionality?  I suppose this would be a password validation policy that people could apply.

But if it's already available and I'm just missing it, I'm all ears! :-)

Thanks, Ryan