Passwords
The Passwords interface provides methods for authenticating, creating, resetting, and performing strength checks of passwords.
Stytch supports creating, storing, and authenticating passwords, as well as support for account recovery (password reset) and account deduplication with passwordless login methods.
Our implementation of passwords has built-in breach detection powered by HaveIBeenPwned on both sign-up and login, to prevent the use of compromised credentials and uses configurable strength requirements (either Dropbox’s zxcvbn or adjustable LUDS) to guide members towards creating passwords that are easy for humans to remember but difficult for computers to crack.
Types
Data class used for wrapping parameters used with Passwords authentication
Data class used for wrapping parameters used with Passwords create endpoint
Data class used for wrapping parameters used with Passwords ResetByEmail endpoint
Data class used for wrapping parameters used with Passwords ResetByEmailStart endpoint
Data class used for wrapping parameters used with Passwords StrengthCheck endpoint
Data class used for wrapping parameters used with Passwords StrengthCheck endpoint
Data class used for wrapping parameters used with Passwords StrengthCheck endpoint
Functions
Authenticate a user with their email address and password. This endpoint verifies that the user has a password currently set, and that the entered password is correct.
Authenticate a user with their email address and password. This endpoint verifies that the user has a password currently set, and that the entered password is correct.
Create a new user with a password and an authenticated session for the user if requested. If a user with this email already exists in the project, this method will return an error.
Create a new user with a password and an authenticated session for the user if requested. If a user with this email already exists in the project, this method will return an error.
Reset the user’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn’t expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the strengthCheck method. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
Reset the user’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn’t expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the strengthCheck method. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.
Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.
Initiates a password reset for the email address provided. This will trigger an email to be sent to the address, containing a magic link that will allow them to set a new password and authenticate.
Reset a user's password and authenticate them
Reset a user's password and authenticate them
Reset the user’s password and authenticate them. This endpoint checks that the session is valid and hasn’t expired or been revoked. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the user is authenticated.
Reset the user’s password and authenticate them. This endpoint checks that the session is valid and hasn’t expired or been revoked. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the password and accompanying parameters are accepted, the password is securely stored for future authentication and the user is authenticated.
This method allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
This method allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.