Auth0 NodeJS Client - Password is not allowed

jay1 · July 17, 2017, 12:07pm

When tried to change user password using Auth0 client

var auth0 = new AuthenticationClient({
    domain: 'eyelashr.auth0.com',
    clientId: '<CID>'
});

var data = { email: 'jay@abc.com', password: 'somePwd', connection: 'Custom-Connection' }; 
auth0.database.changePassword(data, function (err, message) {
    if (err) { // Handle error. 
        console.log(err);
    }
    console.log(message); 
});

I am getting following error:

{ password is not allowed: [object Object]
    at C:\wamp64\www\repos\lashtest\node_modules\rest-facade\src\Client.js:293:22
    at Request.callback (C:\wamp64\www\repos\lashtest\node_modules\superagent\lib\node\index.js:688:3)
    at C:\wamp64\www\repos\lashtest\node_modules\superagent\lib\node\index.js:883:18
    at IncomingMessage.<anonymous> (C:\wamp64\www\repos\lashtest\node_modules\superagent\lib\node\parsers\json.js:16:7)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)
    at endReadableNT (_stream_readable.js:974:12)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickCallback (internal/process/next_tick.js:104:9)
  name: 'password is not allowed',
  message: { error: 'password is not allowed' },
  statusCode: 400 }

I have checked settings and added Grant password under client. Also set password policy to any 6 characters.

any idea what am I missing or whats wrong here?

prashantT · July 17, 2017, 12:18pm

Setting a password directly from the API is not supported anymore due to security considerations. The Change Password flow v2 instead triggers an email to the user, where they can follow a link to reset their password; hence, passing the password parameter is not supported. You should only send the email and connection parameter, which will trigger the email to the user.

Read through the Change Password docs for more info:

jay1 · July 17, 2017, 12:25pm

Please modify github documentation and a NodeJS library. This says otherwise:

http://auth0.github.io/node-auth0/module-auth.DatabaseAuthenticator.html#requestChangePasswordEmail

Need to remove this in this case.

Also remove this method from documentation:

requestChangePasswordEmail()

http://auth0.github.io/node-auth0/module-auth.DatabaseAuthenticator.html#requestChangePasswordEmail

please update documentations.

Topic		Replies	Views
Auth0 node.js sdk client.signup does not follow password policy set in auth0 console Help password-policy	4	3085	October 15, 2020
Does Auth0.js v9 Reference have change password feature? Help password-reset	2	1715	September 30, 2022
auth0.changePassword always returns OK even when user is not found Help auth0js , change-password	8	6307	April 12, 2019
Auth0-Java 403 Error Grant Type Password not Allowed For Client Help java	4	6557	March 2, 2018
Change password with management API Help	2	11387	August 9, 2022

Auth0 NodeJS Client - Password is not allowed

Related Topics