You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So if we want to properly create "validators" when we create our own UI for a reset password for example, we'll need to hardcode that maxLength of 200 chars if we use v2 api.
I did not test, but if we're allowed to set a password > 200 chars in the console, we won't be able to use the new APIs, for example change password on v2 api, because the current password will be limited to 200 chars and therefore don't match (https://zitadel.com/docs/apis/resources/user_service/user-service-set-password)
Describe your ideal solution
Add maxLength (same as minLength) for the passwordcomplexity policy as it will anyway be limited by the API.
Version
2.51.1
Environment
Self-hosted
Additional Context
No response
The text was updated successfully, but these errors were encountered:
Since there can be further restrictions depending on the hashing algorithm, e.g. bcrypt only is able to handle 72bytes we'll close this issue in favor of: #4993
Preflight Checklist
Describe your problem
Hello,
Checking https://zitadel.com/docs/apis/resources/user_service/user-service-set-password, we can see that there's a
maxLength
on the password of 200 chars.However, there's no
maxLength
in the passwordcomplexity policy:So if we want to properly create "validators" when we create our own UI for a reset password for example, we'll need to hardcode that
maxLength
of 200 chars if we use v2 api.I don't know from where that limit come from, it seems not to be there for v1 api (https://zitadel.com/docs/apis/resources/auth/auth-service-update-my-password), it seems that all string fields when using new APIs are limited to 200 chars.
I did not test, but if we're allowed to set a password > 200 chars in the console, we won't be able to use the new APIs, for example change password on v2 api, because the current password will be limited to 200 chars and therefore don't match (https://zitadel.com/docs/apis/resources/user_service/user-service-set-password)
Describe your ideal solution
Add
maxLength
(same asminLength
) for the passwordcomplexity policy as it will anyway be limited by the API.Version
2.51.1
Environment
Self-hosted
Additional Context
No response
The text was updated successfully, but these errors were encountered: