Closed namsor closed 1 year ago
Hey @namsor, we may consider setting a client side enforcement in firebaseui via some regex. Though the risk is if the user cannot meet the regex requirements, we still need a custom error message to guide the user beyond just a message that the password is too weak.
Thank you, yes. The custom error message could be passed along with the regexp.
I'm also interested - will the minimum password length be available for configuration?
Also, please, don't forget about password recovery. Because it should have the same rule.
Hey @namsor, we may consider setting a client side enforcement in firebaseui via some regex. Though the risk is if the user cannot meet the regex requirements, we still need a custom error message to guide the user beyond just a message that the password is too weak.
What is the status on this guys?
Having some kind of built in mechanism to control password regex for firebase authentication would be amazing.
Please guys, develop this functionality. It could look somethings like these.
const rules = [
{
rule: "some regex",
message: "My error message for this rule"
},
{
rule: "some other regex",
message: "My error message for this rule"
},
// ... more rules
];
await firebase.auth().enforcePasswordRules(rules);
Hi all, thanks for your input on this feature request! We are unable to promise any timeline for this, but if others also have this request, adding a +1 on this issue can help us prioritize adding this to the roadmap.
Internal tracking bug: b/188591575
A merchant is blocking our registration because we cannot implement a stronger password requirement. I see the work arounds but it would be nice if this was implemented directly.
+1 I need this too
+1
+1 as it sounds super basic and important
+1 please add minimum strength also
+1 6 characters is a very, very basic starting point for a password. Enabling additional rules around passwords would greatly increase peace of mind while using FirebaseUI.
+1
+1
+1
+1
+1
+1
The current problem of not being able to set a set of rules for passwords is a huge issue for Firebase as far as I'm concerned. We need to be able to program regex rules into FB for our apps.
+1
+1
+1
+1
This is currently implemented on the Google Cloud Identity Platform backend - https://cloud.google.com/identity-platform/docs/password-policy
+1
+1
+1
+1
+1
+1
You can do this via the admin API: https://cloud.google.com/identity-platform/docs/password-policy. We don't have plans to add this to FirebaseUI, although I can imagine something like surfacing error messages being handy. Let us know what you need as you start using this.
Yeah, it would be nice to surface the error through FirebaseUI. We're using FirebaseUI for authentication , and we need to meet some minimum requirements in terms of security and password strength is one of those. So it would be nice to expose that error so that we can set the strength on identity platform , and then show the error on the mobile
I had open a request https://github.com/firebase/FirebaseUI-Android/issues/2128 but it didn't get any traction
+1
Hi!
Currently, Firebase will through a FirebaseAuthWeakPasswordException if the password length is less that 6.
Could additional password rules be configured on the client side, for example if we would like to encore a minimum password length of 8 ? The IT Security team of a client is requesting this minimum password length.
The minimum password length or custom rules could be specified in Other config options...
ui.start('#firebaseui-auth-container', { signInOptions: [ // List of OAuth providers supported. ... firebase.auth.EmailAuthProvider.PROVIDER_ID ], // Other config options...
});
Alternatives were discussed in this Stackoverflow thread, but none seems convincing, https://stackoverflow.com/questions/36318198/set-minimum-password-length-firebase-email-password-authentication
Thanks for considering this enhancement or suggesting an alternative approach, Elian