When I create a new user via the Management API, do I pass the password as a clear string or do I need to pre-encrypt it? ( bcrypt() ? )
I’ve assumed that it gets encrypted/hashed by the API…
Example:
$newUser = $management->users()->create(“Username-Password-Authentication”, [ “email” => “test@test.com ”, “password” => “somepassword”, “email_verified” => true ] );
Hi @FuturShoc
Cleartext string. The doc doesn’t explicitly state this, sorry.
John
Thank you! I’ve been trying that, but I suspect my test password doesn’t meet the complexity requirements…
That should not matter - the password complexity rules are not checked in the mgmt API.
John
Interesting! I did not know that.
If you are using a lazy migration custom DB, the password rules are not enforced. That is what I was thinking of.
Did you get it working with a sufficiently strong password?
John
1 Like
Yes, that appears to do the trick. I was able to create a new user via the Management API (programmatically) and was able to log in with it. Thanks for your help.
Excellent. I talked to a few experts yesterday, it turns out that the password strength rules are enforced almost everywhere EXCEPT the lazy migration case.
John
system
Closed
October 20, 2022, 2:29pm
9
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.