Start a new topic
Answered

username should not be case sensitive

On the iOS SDK it appears that the user name is case sensitive and it should not be. I checked the forums and there was an entry here titled "I think User Discovery should not be case sensitive" (https://support.kinvey.com/support/discussions/topics/5000040933) which has made 3 years ago and there's a comment about making it a feature request, but it appears that feature request has never been implemented.


The log in username should not be case sensitive. For example. if I create an account with a user name of "username@gmail.com" but then try to log in as "UserName@gmail.com" the login will fail because it's doing a case sensitive check of the user name and it should not.


Currently I work around this issue by converting the username to all lowercase when the account is created and when the user tries to log in. Also note that in my situation I use the email address as the username, but I store the email address and username separately. Regardless, user names should never be case sensitive. Only passwords should be case sensitive.


Best Answer

Hello Xavier,


As Pranav has mentioned, after consulting with Product and Engineering, case sensitive user names were implemented by design. At this point in time there are no plans to change this.


Case sensitive usernames adds a layer of security to credentials and login.


If you have a significant requirement for case in-sensitive usernames, the best way to do it would be for you to implement this on the client side or in Business Logic. A couple of options to do so are as follows.


1) When the user is created, implement Business Logic that automatically converts the username to lowercase.


2) In the client, you can convert the username to lowercase before sending it on login.


We hope that this helps. Please let us know if you have any questions.


Regards,


Billy Gee




Xavier,


We are case sensitive by design but I will discuss this scenario with the backend team and get back to you with more information.


Thanks,

Pranav

Kinvey

Answer

Hello Xavier,


As Pranav has mentioned, after consulting with Product and Engineering, case sensitive user names were implemented by design. At this point in time there are no plans to change this.


Case sensitive usernames adds a layer of security to credentials and login.


If you have a significant requirement for case in-sensitive usernames, the best way to do it would be for you to implement this on the client side or in Business Logic. A couple of options to do so are as follows.


1) When the user is created, implement Business Logic that automatically converts the username to lowercase.


2) In the client, you can convert the username to lowercase before sending it on login.


We hope that this helps. Please let us know if you have any questions.


Regards,


Billy Gee



Appreciate the quick response. You might add to the documentation for the API that it's built that way be design as I found out only by accident and a developer might run in to the situation where an app ships and they are not aware it's case sensitive login.


Cheers.

Hello Xavier,


That is an excellent suggestion. I will create an engineering escalation to recommend changes to our documentation regarding this toopic.


Regards,


Billy Gee

Login or Signup to post a comment