User creation through the Management API does not respond with detailed error messages for invalid passwords

joshua.thong · June 16, 2017, 1:04pm

Situation: user enters a weak password that fails the defined password policy.
Compare the API response from the Management API:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "PasswordStrengthError: Password is too weak",
  "errorCode": "auth0_idp_error"
}

to the API response from the Authentication API:

{
    "name": "PasswordStrengthError",
    "message": "Password is too weak",
    "code": "invalid_password",
    "description": {
        "rules": 
            {
                "message": "At least %d characters in length",
                "format": 
                    8
                ],
                "code": "lengthAtLeast",
                "verified": true
            },
            {
                "message": "Should contain:",
                "code": "shouldContain",
                "verified": false,
                "items": 
                    {
                        "message": "lower case letters (a-z)",
                        "code": "lowerCase",
                        "verified": true
                    },
                    {
                        "message": "upper case letters (A-Z)",
                        "code": "upperCase",
                        "verified": false
                    },
                    {
                        "message": "numbers (i.e. 0-9)",
                        "code": "numbers",
                        "verified": false
                    }
                ]
            }
        ],
        "verified": false
    },
    "policy": "* At least 8 characters in length\n* Should contain:\n * lower case letters (a-z)\n * upper case letters (A-Z)\n * numbers (i.e. 0-9)",
    "statusCode": 400
}

I have no idea why the Management API provides almost no useful information. I actually need to use the Management API because it is the only way I can create a user while bypassing email validation (setting email_verified: true in the user creation request).

Please fix this.

prashantT · June 19, 2017, 10:36am

I have submitted this request to our engineering team to review. Note, we cannot commit to whether this will be implemented, or any ETA.

Topic		Replies	Views
Is detailed error messages of Management API for creating/updating user are planned? Help	2	3019	October 10, 2020
PasswordStrengthError on Management API doesn't include Feedback feature-request , management-api , password-strength , password-policy	6	3733	October 1, 2023
unexpected difference between create user response and signup response for weak password Help api , signup , password-strength , password-policy , api-call	2	4697	December 17, 2018
"description": "Password is too weak" even though the password meets the requirements Help login-experience , signup-prompt-new-experience	2	1923	March 3, 2023
I get "PasswordStrengthError: Password is too weak" Help	2	3780	December 21, 2022

User creation through the Management API does not respond with detailed error messages for invalid passwords

Related Topics