Is your password longer than 60 characters? If so, you should know that your actual password was truncated to 60 chars at the time of account creation. You won’t notice on the website because the login webform automatically truncates characters beyond the limit, but most 3rd-party apps don’t do this because it’s an undocumented thing.
Basically, my advice would be to update the password in your password manager to be truncated to 60 characters and then try logging in with the app again.
What kind of maniac would use a password that’s longer than 60 characters?
I get that password managers are standard now, but anything outside the norm is just asking for trouble. I vividly remember updating a client’s webfrom to reject emojis in passwords, because for some reason people started using them and it wrecked havoc in the backend.
Personally I would consider truncating passwords or even having password max length problematic. First of all you will need to update the length as soon as it would be considered too short, not to mention all the passwords you now need to migrate. It can also imply that you’re not using standard techniques for password storage.
Oh man, the feeling of solving an obscure issue on the first try without having to ask for any extra hints: chef’s kiss. I’m glad I could be of assistance!
Nah, I was just playing around with the API and spent the better part of a day trying to figure out why authentication wasn’t working for me (I’d been using a 64 character password 🤦)
By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?
If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.
In any case, this is a lemmy UI thing, though the backend isn’t helping when it reports a generic bad password error instead of notifying the client that the provided password was technically impossible:
Issue regarding the ui silently truncating the password: lemmy-ui/#1120
Issue regarding the backend error issue: lemmy/#3284
Is your password longer than 60 characters? If so, you should know that your actual password was truncated to 60 chars at the time of account creation. You won’t notice on the website because the login webform automatically truncates characters beyond the limit, but most 3rd-party apps don’t do this because it’s an undocumented thing.
Basically, my advice would be to update the password in your password manager to be truncated to 60 characters and then try logging in with the app again.
What kind of maniac would use a password that’s longer than 60 characters?
I get that password managers are standard now, but anything outside the norm is just asking for trouble. I vividly remember updating a client’s webfrom to reject emojis in passwords, because for some reason people started using them and it wrecked havoc in the backend.
Personally I would consider truncating passwords or even having password max length problematic. First of all you will need to update the length as soon as it would be considered too short, not to mention all the passwords you now need to migrate. It can also imply that you’re not using standard techniques for password storage.
That was actually the thing, thanks a lot.
Oh man, the feeling of solving an obscure issue on the first try without having to ask for any extra hints: chef’s kiss. I’m glad I could be of assistance!
I am very glad, also impressed by that detailed knowledge, are you working on/with lemmy? I’d whip out an award, but here are only poor men awards 🏅🏆
Nah, I was just playing around with the API and spent the better part of a day trying to figure out why authentication wasn’t working for me (I’d been using a 64 character password 🤦)
By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?
If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.
I agree that it’s stupid and needs to be changed.
In any case, this is a lemmy UI thing, though the backend isn’t helping when it reports a generic bad password error instead of notifying the client that the provided password was technically impossible: