Don't set password when oauth2 creates a user
Setting a password can cause problems with other APIs that expect the password to be null. In addition, it doesn't match the implementation for the other APIs that create a user without a password (Create Magic URL Session, Create Phone Session, Create Anonymous Session, etc).
This commit is contained in:
parent
9ac4c998ae
commit
bcd44432d1
1 changed files with 1 additions and 1 deletions
|
@ -644,7 +644,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
'email' => $email,
|
||||
'emailVerification' => true,
|
||||
'status' => true, // Email should already be authenticated by OAuth2 provider
|
||||
'password' => Auth::passwordHash(Auth::passwordGenerator(), Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS),
|
||||
'password' => null,
|
||||
'hash' => Auth::DEFAULT_ALGO,
|
||||
'hashOptions' => Auth::DEFAULT_ALGO_OPTIONS,
|
||||
'passwordUpdate' => null,
|
||||
|
|
Loading…
Reference in a new issue