I would like to report an unexpected difference between the “create user” response and the “signup” response for a weak password.
We are integrating Auth0 as an OAuth 2.0 Identity Provider in our Java backend server.
We are using the “create user” Management API.
In case the API fails due to the input of our users (weak password, etc.), we would like to present our users with the API message.
However, in the case of PasswordStrengthError, it seems that the “create” API doesn’t return a detailed description of the password rules, while the “signup” API does return such a detailed description.
The “create” API just returns “Password is too weak”, so our users are not presented with the required password rules that are defined on our Auth0 connection.
Would it be possible to enhance the “create” API so it would return the password rules in case the specified password is too weak (just like the “signup” API)?
For example:
Management API create user: /api/v2/users
{"statusCode":400,
"error":"Bad Request",
"message":"PasswordStrengthError: Password is too weak"}
Signup API: /dbconnections/signup
{name='PasswordStrengthError',
code='invalid_password',
description={rules={message=At least %d characters in length, format=[6], code=lengthAtLeast, verified=false}], verified=false}
error='null',
message='Password is too weak',
statusCode=400
}
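The two response shapes quoted in the post can be handled by one routine on the backend; the following is an added example, not code from the original post or from Auth0. It assumes the error body has already been parsed into a `Map` with the field names shown above and that `format` values arrive as integers; the class name `PasswordErrorMessage` and method `describe` are hypothetical.

```java
import java.util.List;
import java.util.Map;

public class PasswordErrorMessage {

    // Builds the text to show the user from a parsed 400 error body.
    // Falls back to the plain message when no rule list is present.
    static String describe(Map<String, Object> body) {
        String message = String.valueOf(body.get("message"));
        Object description = body.get("description");
        if (!(description instanceof Map)) {
            return message; // "create user" shape: only a message is available
        }
        Object rules = ((Map<?, ?>) description).get("rules");
        if (!(rules instanceof List)) {
            return message;
        }
        StringBuilder out = new StringBuilder(message).append(':');
        for (Object r : (List<?>) rules) {
            Map<?, ?> rule = (Map<?, ?>) r;
            String template = String.valueOf(rule.get("message"));
            Object format = rule.get("format");
            // "format" holds the arguments for the printf-style rule message.
            Object[] args = format instanceof List ? ((List<?>) format).toArray() : new Object[0];
            boolean ok = Boolean.TRUE.equals(rule.get("verified"));
            out.append("\n  [").append(ok ? "ok" : "missing").append("] ")
               .append(String.format(template, args));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample bodies mirroring the two responses in the post.
        Map<String, Object> create = Map.of(
            "statusCode", 400, "error", "Bad Request",
            "message", "PasswordStrengthError: Password is too weak");
        Map<String, Object> rule = Map.of(
            "message", "At least %d characters in length",
            "format", List.of(6), "code", "lengthAtLeast", "verified", false);
        Map<String, Object> signup = Map.of(
            "name", "PasswordStrengthError", "code", "invalid_password",
            "description", Map.of("rules", List.of(rule), "verified", false),
            "message", "Password is too weak", "statusCode", 400);
        System.out.println(describe(create));
        System.out.println(describe(signup));
    }
}
```

If the rendered text is placed into an HTML page, encode it first, since it is built from strings returned by a remote API.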