feature request: Password policies when updating user password #5714
Labels
feature-request
Something cool or not cool
Comments
This is a solid case, will discuss with the team.
This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
Another idea would be to extend the first screen parameter with a
Problem
To update a user password, we have to use the management API (PATCH /api/users/{userId}/password). But doing so will not use the password policies, so you can set it to anything you like. This means we have to roll our own password validation and try to sync it with the Logto settings.
Solution(s) proposal
Make it possible to optionally enable the policies using the management API. This would be beneficial both for user managers and for users.
Another solution could be to make use of the "Forgot password" function, if it would be possible to trigger that email to be sent from the management API. I.e., when a user is signed in and clicks "Change my password", that "forgot password" email is triggered. This would not be very efficient for user managers, but it would likely be good for users, and I personally like the fact that we (we as in the service provider using Logto) won't have to host any change-password form and "see" the password.
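The workaround the issue describes, a caller-side policy check run before `PATCH /api/users/{userId}/password`, can look like the sketch below. This is an added example, not part of the original issue and not Logto's code; the policy object and its field names, the function names, and the `{ password }` request body are assumptions for illustration.

```javascript
// Locally mirrored policy (assumed shape, not Logto's schema). It has to be
// kept in sync with the tenant's sign-in experience settings by hand.
const policy = { minLength: 12, maxLength: 256, minCharTypes: 3,
  rejectUserInfo: true, rejectRepetition: true };

function countCharTypes(pw) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
}

// True when `run` identical or consecutive characters occur ("aaaa", "1234").
function hasRepetitionOrSequence(pw, run = 4) {
  let same = 1, asc = 1, desc = 1;
  for (let i = 1; i < pw.length; i++) {
    const d = pw.charCodeAt(i) - pw.charCodeAt(i - 1);
    same = d === 0 ? same + 1 : 1;
    asc = d === 1 ? asc + 1 : 1;
    desc = d === -1 ? desc + 1 : 1;
    if (same >= run || asc >= run || desc >= run) return true;
  }
  return false;
}

// Returns a list of violation codes; an empty list means the password passes.
function checkPassword(pw, userInfo = {}, p = policy) {
  const issues = [];
  const len = [...pw].length; // count code points, not UTF-16 units
  if (len < p.minLength) issues.push('too_short');
  if (len > p.maxLength) issues.push('too_long');
  if (countCharTypes(pw) < p.minCharTypes) issues.push('too_few_character_types');
  if (p.rejectRepetition && hasRepetitionOrSequence(pw)) issues.push('repetition_or_sequence');
  if (p.rejectUserInfo) {
    const lower = pw.toLowerCase();
    const parts = Object.values(userInfo).filter(Boolean)
      .flatMap((v) => String(v).toLowerCase().split(/[^a-z0-9]+/))
      .filter((s) => s.length >= 3);
    if (parts.some((s) => lower.includes(s))) issues.push('contains_user_info');
  }
  return issues;
}

// Builds the request descriptor only for a passing password. The caller sends
// it with its own HTTP client and must keep the body out of logs.
function buildPasswordUpdate(userId, pw, userInfo) {
  const issues = checkPassword(pw, userInfo);
  if (issues.length > 0) return { ok: false, issues };
  const path = `/api/users/${encodeURIComponent(userId)}/password`;
  return { ok: true, request: { method: 'PATCH', path, body: JSON.stringify({ password: pw }) } };
}
```

Because this check lives outside Logto, any change to the tenant's policy has to be mirrored here, which is the drift the issue asks the management API to eliminate.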