Troubleshooting and Security

Apply password security guidance and handle common AuthOS password authentication errors

AuthOS release 0.8.2 TypeScript SDK 0.8.0 Latest-only documentation
Updated Jul 15, 2026 Edit this page
On this page

Use this guide to harden the complete password authentication sequence and map SDK failures to safe, actionable messages.

Best Practices

Password Security

  1. Client-Side Validation: Validate password strength before submission
  2. Never Log Passwords: Never log passwords in plain text
  3. HTTPS Only: Always use HTTPS in production
  4. Rate Limiting: The platform implements rate limiting on auth endpoints
  5. Secure Storage: Never store passwords in browser storage

Password Strength Requirements

Implement client-side validation to provide immediate feedback:

interface PasswordStrength {
  score: number; // 0-4
  feedback: string[];
  isStrong: boolean;
}

function checkPasswordStrength(password: string): PasswordStrength {
  const feedback: string[] = [];
  let score = 0;

  // Length check
  if (password.length >= 8) score++;
  if (password.length >= 12) score++;

  // Character variety
  if (/[a-z]/.test(password)) score++;
  if (/[A-Z]/.test(password)) score++;
  if (/[0-9]/.test(password)) score++;
  if (/[^A-Za-z0-9]/.test(password)) score++;

  // Provide feedback
  if (password.length < 8) {
    feedback.push('Use at least 8 characters');
  }
  if (!/[A-Z]/.test(password)) {
    feedback.push('Add uppercase letters');
  }
  if (!/[a-z]/.test(password)) {
    feedback.push('Add lowercase letters');
  }
  if (!/[0-9]/.test(password)) {
    feedback.push('Add numbers');
  }
  if (!/[^A-Za-z0-9]/.test(password)) {
    feedback.push('Add special characters for extra security');
  }

  return {
    score: Math.min(score, 4),
    feedback,
    isStrong: score >= 3
  };
}

// Usage in component
const strength = checkPasswordStrength(password);
console.log(`Password strength: ${strength.score}/4`);
console.log('Suggestions:', strength.feedback);

UX Considerations

  1. Clear Error Messages: Provide specific feedback for authentication failures
  2. Loading States: Show loading indicators during API calls
  3. Email Verification Reminder: Remind users to verify email if login fails
  4. Password Visibility Toggle: Let users toggle password visibility
  5. Auto-focus: Focus the appropriate input field automatically

Email Configuration

For production, configure organization-specific SMTP:

// Configure custom SMTP for your organization
await sso.organizations.setSmtp('acme-corp', {
  host: 'smtp.gmail.com',
  port: 587,
  username: 'notifications@acme.com',
  password: 'your-app-password',
  from_email: 'notifications@acme.com',
  from_name: 'Acme Corp'
});

This ensures:

  • Emails come from your domain
  • Better deliverability
  • Custom branding in emails
  • Compliance with email policies

Error Handling

import { SsoApiError } from '@drmhse/sso-sdk';

async function handleAuthError(error: unknown) {
  if (error instanceof SsoApiError) {
    switch (error.statusCode) {
      case 400:
        return 'Invalid request. Please check your input.';
      case 401:
        return 'Invalid credentials. Please try again.';
      case 403:
        return 'Email not verified. Please check your inbox.';
      case 409:
        return 'This email is already registered.';
      case 429:
        return 'Too many attempts. Please try again later.';
      case 500:
        return 'Server error. Please try again later.';
      default:
        return error.message;
    }
  }
  return 'An unexpected error occurred.';
}

// Usage
try {
  await sso.auth.login({ email, password });
} catch (error) {
  const message = await handleAuthError(error);
  showErrorToUser(message);
}

Next Steps