Daniel DeGroff

We could add an API to check if a user is rate limited, and also show that status in the User Manage panel in the UI. Would this help?

Ok, thanks @chimericdream -makes perfect sense. Appreciate the feedback. We should be able to get this into plan.

Thanks @epbensimpson for the request. To clarify your request, you asking for a behavior change such that: When you call the Forgot Password API `/api/user/forgot-password` with `sendForgotPasswordEmail: false`(which means you...

Fixes: - Support both `application/json` and `appllication/scim+json` for `Content-Type` on the request. - Azure uses `Expect: 100-continue` on a `POST` request, ensure we handle this state correctly - Provide minimal...

Per discussion in #1450 and #1557 we could just update the doc to indicate that the current configuration causes the password to be re-hashed anytime we have the option to...

Thanks @whiskerch for the feedback. We'll likely add a policy of some sort to allow 2FA to be configured as required.

Not sure if we should keep this one open or not. We now have self service two-factor enablement. Once we work through the policy options for two-factor we can revisit....

> Apparently the hashed password stored on our database is at least 1000+ characters in length which causes the migration API to fail since the maximum character length for password...

The difference in output length from this is example is due to the key length unit being in bytes instead of bits. In your example you have set the `keylen...

Internal notes: We should probably change the data type of this column, we'll want to do a bunch of migration test to see how long it will take to make...