sign up and sign using hashed password instead of plain text

LW

04/28/2023, 5:32 AM
hey @rp, is it possible to send a bcrypt hashed password into the default sign in middleware from supertokens? so the password value would be hashed using bcrypt, instead of sending plain text passwords, like this:
```json
{
    "formFields": [
        {
            "id": "email",
            "value": "test@gmail.com"
        },
        {
            "id": "password",
            "value": "$2a$11$Ri5J/J2Vkaawg9c5zj2ihubnEg8YaS8jY.Qs7THtD.ZvwZXea8r4K"
        }
    ]
}
```
or we could just override the original implementation from this doc? and get the hashed password from the FE, and decrypt it in the backend? and override the values there? https://supertokens.com/docs/emailpassword/common-customizations/handling-signup-success

rp

04/28/2023, 5:45 AM
you can't really decrypt a hash..
but you can override the function to call the password hash import API instead when the input is a password hash
check out our migration docs

LW

04/28/2023, 5:49 AM
great, thanks, let me check the migration docs