Sync user in google admin console without password - rest

Is there any way to create user in google admin console without password?
Users can create a new password with First Time Login
I am using google admin sdk API with service account Bearer token to create user.
Url: https://admin.googleapis.com/admin/directory/v1/users
Payload: {
"primaryEmail":"sampleuser#orgdomain.com",
"name":{
"givenName":"Test",
"familyName":"User"
},
"suspended":false,
"password":"Password1234",
"changePasswordAtNextLogin":true,
"ipWhitelisted":false,
"emails":[
{
"address":"sampleuser#orgdomain.com",
"type":"home",
"customType":"",
"primary":true
}
]
}
The API is failing without the password field. Is there any way to enable or disable any configuration in admin console to achieve same.? Related Answers will be helpful. Thanks

You can't create a user without a password within the API.
The method users.insert requires an instance of the Resource: users on the request body and the Resource: Users states that the password is required when creating a new user:
password:
Stores the password for the user account. The user's password value is required when creating a user account. It's optional when updating a user and should only be provided if the user is updating their account password. The password value is never returned in the API's response body.
A password can contain any combination of ASCII characters, and must be between 8-100 characters.
We recommend sending the password parameter as a hexadecimal-encoded hash value and setting hashFunction accordingly. If hashFunction is specified, the password must be a valid hash key.

Related

How to get a unique key from firebase auth to use as a password alternative for data encryption

I created a password manager in flutter, which stores password encrypted passwords in an db. I access this db via the backend, which is written in python. As a user in the app, you are able to set a master password, which after each login is passed to the backend, to encrypt the data. I now want to add sign in with google functionality (firebase authentication), so that you don't need to type in your master password every time. Is it possible to receive something like a key or a token from firebase after each successful google-login which you can use instead of the master password?
I noticed already that there is this uid in the firebase user class (which i receive from FirebaseAuth.instance.signInWithCredencial(google_sign_in_credencial) in the google registration progress) which is unique for every user, but i dont think that this is secure enough to replace this sensitive master password. I also heard from JWT Authorization, but i am not sure, if it's the right thing for that.

How to validate password of a disabled AEM user?

I have the authorizable ID and a password text. In a normal scenario, I can directly get the session using slingRepository.login option. If I am able to do so, that means the credentials are valid. But let's say if the user has been disabled for some reason then how can I validate the password because in that case AEM doesn't validate it and throws the AccountLockedException directly. I don't need the session, but I want to validate that the password I have is correct (programmatically).

Password change enforced in web application with REST API backend

In application I generate token to user if login and password correct.
But I have security policy about password changing in some period.
When password expires I need enforce user to change password, and block API (except login and change password endpoints) until he changed password.
What's other endpoints should answer in this case?
My desicion:
Until password not changed endpoints (except user/login, user/chg-pwd) answer 403 Forbiddent.

Login vTigerCRM via User Name & Password

According to the REST API documentation of vTigerCRM, its API only supports login with user name & access key.
Since vTigerCRM is based on SugarCRM, and API of SugarCRM allows user name & password to login, is there any chance that vTigerCRM can also login with user name & password?
Using vTigerCRM version 6.4.0
It is recommended to use username and access key. If you change the password of that user then also your code will work (i.e. you dont have to change the password in the code as you are using access key).

Login flow : WSSE Authentication & Facebook Sign in

I am playing with WSSE Authentication (through Symfony2) and I have defined the following classic Login flow :
User enters its username & password & get the associated salt from the server
username & password are checked on the server (ajax call) through a WSSE header check
If Credentials are valid then, required data (i.e data that allow to re-generate a WSSE Header at each request) is stored on the browser
This is fully working.
Now, I would like to add the "Signin with facebook" feature. That's not a problem there's plenty of documentation on it, BUT, my purpose & my difficulty is to keep the WSSE logical working
As the user never enters its password if he logs in with Facebook, I am unable to generate wsse headers, and for this there is no documentation at all.
Would someone have already dealt with such an operation? Thanks in advance
the solution i found is following this order :
1) Create a webservice not under the wsse firewall but secured by a header token or something else like x-token : fdslkjl324l2lrkljlkfsjflkjfkljl2, which return the password encrypted from the database for the given user.
like for example : you should have an webservice to get user salt to encrypt user s password to authenticate through wsse API.
2) use the classic wsse webservices with generated token from the encrypted password following the wsse
now that you have the password encrypted you can simply authenticate under the wsse service.
The most important thing is you don t have to put the user password in plain .