Hello!
I’m using an external API to tag risky password. But to achieve this, I need to access to the SHA1 of the password used for login on the onExecutePostLogin triggers.
It not seems to be accessible, what’s kind of solutions do I have? Is it possible to forward it into a header from Customize Login Page and read it in onExecutePostLogin ?
Thank you in advance 
Unfortunately, as mentioned in our documentation about Exporting Data:
The only information which is not available through the API (for security reasons) are the password hashes of your Auth0-hosted database users and private keys. You can still request this information by opening a support ticket. This operation is not available for our Free subscription tier, and we are unable to accept or guarantee requests for exports at a specific time and date.
As an alternative solution, you can set up a custom database which you can query through from Auth0 in order to retrieve the hash stored there and then forward that information to your risk assessment API.
You can also go to your password setting from Database → Authentication Methods → Password → Configure and you can enable the following options for your database:
If you have any other questions regarding the matter, feel free to leave a reply on the post!
Kind Regards,
Nik
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.