Hi,

I have a valid token with the right scopes and authorities as seen below
when decoded:

{"jti":"06ef4e8d-2dc9-4458-9aca-ef89384861c6","sub":"85d99b6e-eaeb-4171-98ba-3e6843f577d7","scope":["password.write","openid","oauth.approvals"],"client_id":"useraccount","cid":"useraccount","azp":"useraccount","grant_type":"password","user_id":"85d99b6e-eaeb-4171-98ba-3e6843f577d7","user_name":"johndoeyAgB4wxoe","email":"
kay1(a)email.com","iat":1438159365,"exp":1438202565,"iss":"
http://localhost:8080/uaa/oauth/token
","aud":["useraccount","password","openid","oauth"]}

However, when I make a request to /Users/[userid]/password, I get the
following error:

"authentication":null,"extraInformation":null,"message":"Invalid password
change request","localizedMessage":"Invalid password change
request","suppressed":[]

The full error log is attached.

To replicate, this is the sample request:

curl -v -H 'Authorization: Bearer
eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIwNmVmNGU4ZC0yZGM5LTQ0NTgtOWFjYS1lZjg5Mzg0ODYxYzYiLCJzdWIiOiI4NWQ5OWI2ZS1lYWViLTQxNzEtOThiYS0zZTY4NDNmNTc3ZDciLCJzY29wZSI6WyJwYXNzd29yZC53cml0ZSIsIm9wZW5pZCIsIm9hdXRoLmFwcHJvdmFscyJdLCJjbGllbnRfaWQiOiJ1c2VyYWNjb3VudCIsImNpZCI6InVzZXJhY2NvdW50IiwiYXpwIjoidXNlcmFjY291bnQiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX2lkIjoiODVkOTliNmUtZWFlYi00MTcxLTk4YmEtM2U2ODQzZjU3N2Q3IiwidXNlcl9uYW1lIjoiam9obmRvZXlBZ0I0d3hvZSIsImVtYWlsIjoia2F5MUB5b29rb3MuY29tIiwiaWF0IjoxNDM4MTU5MzY1LCJleHAiOjE0MzgyMDI1NjUsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC91YWEvb2F1dGgvdG9rZW4iLCJhdWQiOlsidXNlcmFjY291bnQiLCJwYXNzd29yZCIsIm9wZW5pZCIsIm9hdXRoIl19.dz1ysSNt-TYvVspIqxXizBJp6ZahIv7Q5INwvYmJ430'
-H 'Content-Type: application/json' -d '{"password":"newpass",
"oldPassword":"oldpass03"}' -X PUT
http://localhost:8080/uaa/Users/e39919f6-6f47-45c5-915d-734b9b2f1387/password