mirror of https://github.com/logto-io/logto.git synced 2024-12-30 20:33:54 -05:00
logto/.changeset/yellow-yaks-bathe.md
Gao Sun cc346b4e0a
feat(core): password checking api (#6567)
* feat(core): password checking api

* refactor(core): improve API response
2024-09-11 06:55:07 +00:00

802 B

| @logto/core | @logto/integration-tests |
| --- | --- |
| minor | patch |

Add password policy checking API

Add the `POST /api/sign-in-exp/default/check-password` API to check whether a password meets the password policy configured in the default sign-in experience. A user ID is required for this API if rejecting user info is enabled in the password policy.

Here's a non-normative example of the request and response:

```http
POST /api/sign-in-exp/default/check-password
Content-Type: application/json

{
  "password": "123",
  "userId": "some-user-id"
}
```

```http
400 Bad Request
Content-Type: application/json

{
  "result": false,
  "issues": [
    { "code": "password_rejected.too_short" },
    { "code": "password_rejected.character_types" },
    { "code": "password_rejected.restricted.sequence" }
  ]
}
```
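A caller of this endpoint has to tell a policy rejection apart from every other failure, so that an unrelated error is never read as "password accepted". The sketch below is an added example, not Logto code; `interpretCheckPassword` and `Verdict` are hypothetical names, and the success shape (a 2xx status with `"result": true`) is an assumption, since the changeset shows only the rejection case.

```typescript
// Added example, not Logto code: turn a check-password reply into a verdict.
type Verdict =
  | { kind: 'accepted' }
  | { kind: 'rejected'; codes: string[]; restricted: string[] }
  | { kind: 'error'; status: number };

const RESTRICTED_PREFIX = 'password_rejected.restricted.';

// Response body from the changeset's non-normative example.
const SAMPLE_REJECTION: unknown = {
  result: false,
  issues: [
    { code: 'password_rejected.too_short' },
    { code: 'password_rejected.character_types' },
    { code: 'password_rejected.restricted.sequence' },
  ],
};

const isRecord = (value: unknown): value is Record<string, unknown> =>
  typeof value === 'object' && value !== null;

function interpretCheckPassword(status: number, body: unknown): Verdict {
  const data = isRecord(body) ? body : {};
  // Assumption: a password that passes the policy yields 2xx with result: true.
  if (status >= 200 && status < 300 && data.result === true) {
    return { kind: 'accepted' };
  }
  // The shape shown on the page: 400, result: false, issues: [{ code }, ...].
  if (status === 400 && data.result === false && Array.isArray(data.issues)) {
    const codes = data.issues
      .filter(isRecord)
      .map((issue) => issue.code)
      .filter((code): code is string => typeof code === 'string');
    if (codes.length > 0) {
      const restricted = codes
        .filter((code) => code.startsWith(RESTRICTED_PREFIX))
        .map((code) => code.slice(RESTRICTED_PREFIX.length));
      return { kind: 'rejected', codes, restricted };
    }
  }
  // Everything else (auth failure, malformed body, 5xx, 400 without issues)
  // is an error: never read it as "password accepted".
  return { kind: 'error', status };
}
```

Only the `rejected` verdict should be shown to the user as policy feedback; an `error` verdict should block the password change and be logged for follow-up.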