Problem statement
When the password dictionary feature is enabled on an Auth0 database connection and as per the documentation, the error code should be “password_dictionary_error”, but when the signup API is called, the error code received is invalid_password .
Is it possible to use the name attribute instead as the code is too generic?
Sample Request:
curl --request POST \
--url 'https://[TENANT-NAME].[REGION].auth0.com/dbconnections/signup' \
--header 'content-type: application/json' \
--data '{"client_id":"CLIENT_ID", "email":"test@test.com", "password":"111111", "connection":"Username-Password-Authentication"}'
Error Response:
{"name":"PasswordDictionaryError","message":"Password is too common","code":"invalid_password","description":"Password is not allowed, it might be too common.","statusCode":400}
Solution
The shared documentation link shows the error code used in the Lock Widget, which is mapped from the name parameter.
The name property with the PasswordDictionaryError message can be used to implement customizations for the Password Dictionary errors on the client side when the signup API is called.