When I create a new user via the Management API, do I pass the password as a clear string or do I need to pre-encrypt it? ( bcrypt() ? )
I’ve assumed that it gets encrypted/hashed by the API…
Example:
$newUser = $management->users()->create(“Username-Password-Authentication”, [ “email” => “test@test.com”, “password” => “somepassword”, “email_verified” => true ] );
Thank you! I’ve been trying that, but I suspect my test password doesn’t meet the complexity requirements…
That should not matter - the password complexity rules are not checked in the mgmt API.
John
Interesting! I did not know that.
If you are using a lazy migration custom DB, the password rules are not enforced. That is what I was thinking of.
Did you get it working with a sufficiently strong password?
John
Yes, that appears to do the trick. I was able to create a new user via the Management API (programmatically) and was able to log in with it. Thanks for your help.
Excellent. I talked to a few experts yesterday, it turns out that the password strength rules are enforced almost everywhere EXCEPT the lazy migration case.
John
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
