    {
      "kind": "identitytoolkit#VerifyPasswordResponse",
      "localId": "CJL1i2",
      "email": "cloudysanfrancisco@gmail.com",
      "displayName": "",
      "idToken": "ID_TOKEN",
      "registered": true,
      "userNotifications": [
        {
          "notificationCode": "MISSING_NUMERIC_CHARACTER",
          "notificationMessage": "Password must contain a numeric character"
        },
        {
          "notificationCode": "MISSING_NON_ALPHANUMERIC_CHARACTER",
          "notificationMessage": "Password must contain a non-alphanumeric character"
        }
      ]
    }

    import { getAuth } from 'firebase-admin/auth';

    // Update project config with password policy config
    getAuth().projectConfigManager().updateProjectConfig({
      passwordPolicyConfig: {
        enforcementState: 'ENFORCE',
        forceUpgradeOnSignin: true,
        constraints: {
          requireUppercase: true,
          requireLowercase: true,
          requireNonAlphanumeric: true,
          requireNumeric: true,
          minLength: MIN_PASSWORD_LENGTH,
          maxLength: MAX_PASSWORD_LENGTH,
        },
      },
    })

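Replace the following:
MIN_PASSWORD_LENGTH: the minimum required password length
MAX_PASSWORD_LENGTH: the maximum required password length
To enforce a password policy at the tenant level, run the following: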

    import { getAuth } from 'firebase-admin/auth';

    // Create a tenant with a password policy config
    getAuth().tenantManager().createTenant({
      displayName: "admin-tenant",
      passwordPolicyConfig: {
        enforcementState: 'ENFORCE',
        forceUpgradeOnSignin: true,
        constraints: {
          requireUppercase: true,
          requireLowercase: true,
          requireNonAlphanumeric: true,
          requireNumeric: true,
          minLength: MIN_PASSWORD_LENGTH,
          maxLength: MAX_PASSWORD_LENGTH,
        },
      },
    })

Disable enforcement
To disable password policy enforcement at the project level, run the following:

    import { getAuth } from 'firebase-admin/auth';

    // Update project config with password policy config
    getAuth().projectConfigManager().updateProjectConfig({
      passwordPolicyConfig: {
        enforcementState: 'OFF',
      },
    })

To disable password policy enforcement at the tenant level, run the following:

    import { getAuth } from 'firebase-admin/auth';

    // Update tenant config with password policy config
    getAuth().tenantManager().updateTenant('TENANT-ID', {
      passwordPolicyConfig: {
        enforcementState: 'OFF',
      },
    })

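Replace TENANT-ID with the tenant ID you want to disable a password policy for.
Enforcing on the client side
Passwords can be validated against the password policy for the project or a tenant on the client side before submission.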

    import { getAuth, validatePassword } from 'firebase/auth';

    const auth = getAuth();
    auth.tenantId = 'TENANT-ID';

    const status = await validatePassword(auth, 'password').catch((error) => {
      // Password could not be validated.
    });
    // status is undefined if validation failed, so guard before reading it.
    const policy = status?.passwordPolicy;

    // Use the status and policy to show what requirements are met and which are missing.

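As an added example (not code from the original page or from the Firebase SDK), the following local mirror of the policy constraints returns the notification codes a candidate password would trigger, using the non-alphanumeric character set this page lists. It assumes ASCII character classes, and `missingCriteria` and `samplePolicy` are hypothetical names; server-side enforcement remains the authoritative check, since a client-side check can be bypassed.

```javascript
// Added example: local mirror of the password policy constraints.
// Assumptions: ASCII classes for upper/lower/numeric; length counted in
// UTF-16 code units; the service's own evaluation is authoritative.

// Characters the page lists as satisfying the non-alphanumeric requirement.
const NON_ALPHANUMERIC = '^$*.[]{}()?"!@#%&/\\,><\':;|_~`';

// Hypothetical helper: returns the notification codes a password would miss.
function missingCriteria(password, constraints) {
  const codes = [];
  if (constraints.requireLowercase && !/[a-z]/.test(password)) {
    codes.push('MISSING_LOWERCASE_CHARACTER');
  }
  if (constraints.requireUppercase && !/[A-Z]/.test(password)) {
    codes.push('MISSING_UPPERCASE_CHARACTER');
  }
  if (constraints.requireNumeric && !/[0-9]/.test(password)) {
    codes.push('MISSING_NUMERIC_CHARACTER');
  }
  if (constraints.requireNonAlphanumeric &&
      ![...password].some((c) => NON_ALPHANUMERIC.includes(c))) {
    codes.push('MISSING_NON_ALPHANUMERIC_CHARACTER');
  }
  // minLength defaults to 6; 4096 is the documented upper bound for maxLength.
  if (password.length < (constraints.minLength ?? 6)) {
    codes.push('MINIMUM_PASSWORD_LENGTH');
  }
  if (password.length > (constraints.maxLength ?? 4096)) {
    codes.push('MAXIMUM_PASSWORD_LENGTH');
  }
  return codes;
}

// Constructed sample: same shape as passwordPolicyConfig.constraints.
const samplePolicy = {
  requireUppercase: true, requireLowercase: true,
  requireNonAlphanumeric: true, requireNumeric: true,
  minLength: 8, maxLength: 64,
};

console.log(missingCriteria('CloudySanFrancisco', samplePolicy));
console.log(missingCriteria('Cl0udy~SF', samplePolicy));
```

The first constructed password yields the same two codes as the sample `userNotifications` response; note that characters outside the listed set, such as `-` or a space, do not satisfy the non-alphanumeric requirement.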
Last updated (UTC): 2025-09-04.