Auth0 NodeJS Client - Password is not allowed

When tried to change user password using Auth0 client

var auth0 = new AuthenticationClient({
    domain: 'eyelashr.auth0.com',
    clientId: '<CID>'
});

var data = { email: 'jay@abc.com', password: 'somePwd', connection: 'Custom-Connection' }; 
auth0.database.changePassword(data, function (err, message) {
    if (err) { // Handle error. 
        console.log(err);
    }
    console.log(message); 
});

I am getting following error:

{ password is not allowed: [object Object]
    at C:\wamp64\www\repos\lashtest\node_modules\rest-facade\src\Client.js:293:22
    at Request.callback (C:\wamp64\www\repos\lashtest\node_modules\superagent\lib\node\index.js:688:3)
    at C:\wamp64\www\repos\lashtest\node_modules\superagent\lib\node\index.js:883:18
    at IncomingMessage.<anonymous> (C:\wamp64\www\repos\lashtest\node_modules\superagent\lib\node\parsers\json.js:16:7)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)
    at endReadableNT (_stream_readable.js:974:12)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)
  name: 'password is not allowed',
  message: { error: 'password is not allowed' },
  statusCode: 400 }

I have checked settings and added Grant password under client. Also set password policy to any 6 characters.

any idea what am I missing or whats wrong here?

Setting a password directly from the API is not supported anymore due to security considerations. The Change Password flow v2 instead triggers an email to the user, where they can follow a link to reset their password; hence, passing the password parameter is not supported. You should only send the email and connection parameter, which will trigger the email to the user.

Read through the Change Password docs for more info:

Please modify github documentation and a NodeJS library. This says otherwise:

http://auth0.github.io/node-auth0/module-auth.DatabaseAuthenticator.html#requestChangePasswordEmail

Need to remove this in this case.

Also remove this method from documentation:

requestChangePasswordEmail()

http://auth0.github.io/node-auth0/module-auth.DatabaseAuthenticator.html#requestChangePasswordEmail

please update documentations.

8 Likes