Case-sensitive username

[hamhands]

Tried logging in to a customer's org and my credentials kept getting rejected. As a sanity check I made sure they worked in ArcGIS Online and ultimately realized the issue was capitalization in the username. Kind of a maddening issue as it was difficult to determine if my credentials were truly wrong after entering the same information over and over:

Unless there's a benefit I'm missing, case-sensitivity seems like a bug when it comes to usernames. ArcGIS Online converts usernames to lower case right?

[MikeMillerGIS]

Yes, this uses the Generate Token end point, which is case sensitive. Logging in through the web uses the OAuth endpoint which is not.

[hamhands]

@MikeMillerGIS ah ok. Are there any improvements that could be made here, at minimum a reminder in the error message that the end point is case sensitive?

[rohitgeo]

From https://geonet.esri.com/message/691600-re-user-name-is-case-sensitive?commentID=691600&et=watches.email.outcome#comment-691600

User names are case sensitive according the Account Troubleshoot Help page at http://doc.arcgis.com/en/arcgis-online/reference/troubleshoot-account.htm . This Stack Overflow article at https://stackoverflow.com/questions/539463/are-user-names-ever-case-sensitive discusses some reasons why, but increased security is the most obvious and strongest reason for doing so. AGOL supports federation with enterprise logins which may also require case sensitive user names. If you have usernames stored inconsistently across various tables of systems, you may want to add the .lower() method on any code that is handing user name strings.

[scw]

Providing context for users here would be better in the failure case to minimize suprise. As it is, they can't tell between failure cases of actual username or password (misspellings) and a case error on username. Just updating the error to include something like "Invalid username or password. Note usernames are case sensitive, check that the username is capitalized correctly".