
ChaseB.77233 (Customer) asked a question.
The Okta set password API does not enforce all of the password requirements for a user (https://developer.okta.com/docs/reference/api/users/*set-password). The API does enforce some aspects of the policy, but it does not enforce the password history requirement, and the API doc does not recommend using this API as part of a user flow.
We would like to have an API that enforces all of the requirements and simply takes a new password to be set for the user for both 1) initial set password during activation flow and 2) forgot password flow using our own custom OTT/custom forgot password page.

Hi Chase! Thanks for your feedback here. I would recommend creating an official Feature Request for this - check out this article to get started: https://support.okta.com/help/s/article/Okta-Ideas-Overview-FAQ