ory / kratos

The most scalable and customizable identity server on the market. Replace your Homegrown, Auth0, Okta, Firebase with better UX and DX. Has all the tablestakes: Passkeys, Social Sign In, Multi-Factor Auth, SMS, SAML, TOTP, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=kratos
Apache License 2.0
11.21k stars 959 forks

There is no way to change min_password_length #4150

Open tamtakoe opened 2 weeks ago

tamtakoe commented 2 weeks ago

Preflight checklist

Ory Network Project

No response

Describe the bug

There is no way to change min_password_length to less than 6, because it is hardcoded in the internal config.schema.json.

The min_password_length should be 0 because it's my responsibility to decide what password I want. There are some cases where a business needs a 1-2-3-4 letter password.

Reproducing the bug

If you set this min_password_length inside kratos.yaml

  methods:
    password:
      enabled: true
      config:
        min_password_length: 3

You get the error: selfservice.methods.password.config.min_password_length: 3 must be >= 6 but found 3

Relevant log output

The configuration contains values or keys which are invalid:
prod_kratos.1.1oumfwuv2mhy@ip-1-2-3-4    | selfservice.methods.password.config.min_password_length: 3
prod_kratos.1.1oumfwuv2mhy@ip-1-2-3-4    |

Relevant configuration

No response

Version

1.2.0

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response
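A pre-deploy check for the lower bound described in this issue, as an added example (not code from Kratos or from the reporter). The floor of 6 comes from the error message above; `CheckConfig`, `lookup` and the `minimums` table are hypothetical names, and the constructed input is the reporter's setting rewritten as JSON so that only the Go standard library is needed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Assumed rule table for this example; the bound is the one in the reported error.
var minimums = map[string]float64{
	"selfservice.methods.password.config.min_password_length": 6,
}

// lookup walks a dotted path through nested JSON objects.
func lookup(cfg map[string]any, path string) (cur any, ok bool) {
	cur = cfg
	for _, key := range strings.Split(path, ".") {
		obj, _ := cur.(map[string]any) // nil map when cur is not an object
		if cur, ok = obj[key]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// CheckConfig returns one message per violated minimum; unset keys are skipped.
func CheckConfig(raw []byte) ([]string, error) {
	var cfg map[string]any
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	var errs []string
	for path, floor := range minimums {
		v, ok := lookup(cfg, path)
		n, isNum := v.(float64) // JSON numbers decode to float64
		switch {
		case !ok: // key not set in this file: nothing to judge
		case !isNum:
			errs = append(errs, fmt.Sprintf("%s: expected a number, found %T", path, v))
		case n < floor:
			errs = append(errs, fmt.Sprintf("%s: must be >= %v but found %v", path, floor, n))
		}
	}
	return errs, nil
}

func main() { // constructed input: the reporter's value of 3
	errs, err := CheckConfig([]byte(`{"selfservice":{"methods":{"password":{"config":{"min_password_length":3}}}}}`))
	fmt.Println(errs, err)
}
```

Run in CI against the rendered configuration, this fails the build before the server refuses to start on the same value.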

Denish3436 commented 1 week ago

Hi @tamtakoe I would like to work on this.