How will existing connection behave when we turn OFF "Require username"?

zblocker_debtx · January 11, 2021, 9:11pm

We have an existing database connection (Auth0-hosted with gradual migration enabled). For its whole existence we’ve had the “Require username” flag ON, and we have various rules based around username, etc.

What is going to happen if we turn off that flag for our connection? I have multiple questions.

Will existing users be deleted or destabilized?
Will existing users retain their username field in their profile?
Will the username field automatically disappear from the Lock “Create” form?
Will the language on the login form automatically change from “username/password” to something else?
Can we (this is import for back-channel authentication) still submit a username through the Authentication API, instead of an email address, for some cases, and expect it to authenticate properly?

john.gateley · January 12, 2021, 2:07pm

Hi @zblocker_debtx

I don’t know the answer, but I suspect you cannot turn it off.
It is easy enough to test: create a database, add a user with a username, then try to turn it off. I suspect it will say you can’t.

John

stephanie.chamblee · January 12, 2021, 2:50pm

Hi @zblocker_debtx,

Will existing users be deleted or destabilized?

No. The users will no longer have the option to log in with their username, but they can still log in with their email address. Nothing will change as far as the user’s data.

Will existing users retain their username field in their profile?

Yes.

Will the username field automatically disappear from the Lock “Create” form?

Yes.

Will the language on the login form automatically change from “username/password” to something else?

Yes, here is an example (you can also customize Universal Login)

Can we (this is import for back-channel authentication) still submit a username through the Authentication API, instead of an email address, for some cases, and expect it to authenticate properly?

It looks like the Password Grant will work for the Authentication API if you pass a username or an email with requires_username turned off.
However, an error will be returned if you try to create a user with the Management API.

zblocker_debtx · January 12, 2021, 2:29pm

Hi Stephanie, just one follow-up on that last sentence:

However, an error will be returned if you try to create a user with the Management API.

In which case would an error be returned: if we try to post a new user that has the username field set?

stephanie.chamblee · January 12, 2021, 2:50pm

Yes, that is correct. If the “Require username” flag is OFF then you cannot pass the username property in the Management API’s create a user endpoint request body.

It will return a 400:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Cannot set username for connection without requires_username",
  "errorCode": "operation_not_supported"
}