You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem
To update a user password, we have to use the management API (PATCH /api/users/{userId}/password). But doing so will not use the password policies, so you can set it to anything you like. This means we have to roll our own password validation and try to sync it with the Logto settings.
Solution(s) proposal
Make it possible to optionally enable the policies using the management API. This would be beneficial both for user managers and for users.
Another solution could be to make use of the "Forgot password" function, if it would be possible to trigger that email to be sent from the management API. Ie when a user is signed in and click "Change my password", that "forgot password"-email is triggered. This would not be very efficient for user managers, but it would likely be good for users and i personally like the fact that we (we as in the service provider using logto) won't have to host any change password-form and "see" the password.
The text was updated successfully, but these errors were encountered:
Problem
To update a user password, we have to use the management API (PATCH /api/users/{userId}/password). But doing so will not use the password policies, so you can set it to anything you like. This means we have to roll our own password validation and try to sync it with the Logto settings.
Solution(s) proposal
Make it possible to optionally enable the policies using the management API. This would be beneficial both for user managers and for users.
Another solution could be to make use of the "Forgot password" function, if it would be possible to trigger that email to be sent from the management API. Ie when a user is signed in and click "Change my password", that "forgot password"-email is triggered. This would not be very efficient for user managers, but it would likely be good for users and i personally like the fact that we (we as in the service provider using logto) won't have to host any change password-form and "see" the password.
The text was updated successfully, but these errors were encountered: