Custom password field properties

[jmikrut]

We should allow developers to declare a custom Password field on auth-enabled collections, wherein properties such as validate and similar are merged into our base Password field.

This would be useful to create custom password validations, etc.

[iakshay]

On a related note: It seems like there is no way to opt out of password strategy and if one implements a custom strategy one has to use a different collection for authentication or populate a random password. As in the google-one-tap strategy here -

https://github.com/ScottEAdams/payload-plugin-google-one-tap/blob/main/src/payload/strategy.ts#L49

If a user is created with a strategy X, ideally we would also want to prevent them from logging in with password. I guess this might be possible with beforeLogin hook.

Would be nice to clean things up here, so password is the default strategy but still possible to opt-out of it.

[DanRibbens]

Custom validation is fully implemented and documented here: https://payloadcms.com/docs/fields/overview#validation

[MarvinVrdoljak]

Yes, but can't validate a user's password like this or am I wrong? You can't even set a new password field. Type password is not a valid field type.

[josa-languagewire]

I'm interested in a field type "password" too but I can find nothing in the Payload documentation or discord.
Any hints?

[MarvinVrdoljak]

@josa-languagewire Write your own custom field: https://payloadcms.com/blog/building-a-custom-field

[josa-languagewire]

I know... this is always an option, but I just find it weird there is not a solution already for such a common use case.
I field type "secret/password" should be handling both encryption and not showing the value but allowing to update it for a new one in some cases...