We have an existing database connection (Auth0-hosted with gradual migration enabled). For its whole existence we’ve had the “Require username” flag ON, and we have various rules based around username, etc.
What is going to happen if we turn off that flag for our connection? I have multiple questions.
Will existing users be deleted or destabilized?
Will existing users retain their username field in their profile?
Will the username field automatically disappear from the Lock “Create” form?
Will the language on the login form automatically change from “username/password” to something else?
Can we (this is import for back-channel authentication) still submit a username through the Authentication API, instead of an email address, for some cases, and expect it to authenticate properly?
I don’t know the answer, but I suspect you cannot turn it off.
It is easy enough to test: create a database, add a user with a username, then try to turn it off. I suspect it will say you can’t.
No. The users will no longer have the option to log in with their username, but they can still log in with their email address. Nothing will change as far as the user’s data.
Will existing users retain their username field in their profile?
Yes.
Will the username field automatically disappear from the Lock “Create” form?
Yes.
Will the language on the login form automatically change from “username/password” to something else?
Can we (this is import for back-channel authentication) still submit a username through the Authentication API, instead of an email address, for some cases, and expect it to authenticate properly?
It looks like the Password Grant will work for the Authentication API if you pass a username or an email with requires_username turned off.
However, an error will be returned if you try to create a user with the Management API.
Yes, that is correct. If the “Require username” flag is OFF then you cannot pass the username property in the Management API’s create a user endpoint request body.
It will return a 400:
{
"statusCode": 400,
"error": "Bad Request",
"message": "Cannot set username for connection without requires_username",
"errorCode": "operation_not_supported"
}