<amplify-authenticator> password weakness warning is unclear

[holtc]

Is your feature request related to a problem? Please describe.
When a user is creating an account and enters a password that is too short, an unclear error message is shown in certain cases. Say the minimum length you have set in Cognito is 8 characters. If a users tries to create an account with fewer than 6 characters, the error message shown is something like:

1 validation error detected: Value at 'password' failed to satisfy constraint: Member must have length greater than or equal to 6

However, if the password entered by the user is 6 or more characters, but shorter than the minimum length set in Cognito, something like the following error message shows up:

Password did not conform with policy: Password not long enough

Describe the solution you'd like
This is misleading, it would be great to have something similar to the first error message for all cases where the password is not long enough. I checked, and this is not available in the response sent by Cognito, so perhaps it could be added as a field in the signUpConfig.

Describe alternatives you've considered
The only alternative I can think of is to build my own UI component.

Additional context
The prebuilt component is awesome, so I'd love to keep using it!

[haverchuck]

@holtc - I think configurable error messages are a good idea. However, I think this shouldn't be done in a one-off fashion. We should implement a generic way of configuring ANY of the error messages.

[lsirivong]

Confirming that we see this too. The errors are pretty inconsistent and confusing. Here are some examples of what we see with cognito's default recommended constraints:

- Minimum length
8
Require numbers
Require special character
Require uppercase letters
Require lowercase letters

Attempting 1:

2 validation errors detected: Value at 'password' failed to satisfy constraint: Member must have length greater than or equal to 6; Value at 'password' failed to satisfy constraint: Member must satisfy regular expression pattern: ^[\S]+.*[\S]+$

Attempting 12, 123, 1234, 12345:

1 validation error detected: Value at 'password' failed to satisfy constraint: Member must have length greater than or equal to 6

Attempting 123456 or 1234567

Password did not conform with policy: Password not long enough

Attempting 12345678

Password did not conform with policy: Password must have lowercase characters

[madmed88]

It would be nice to display the password policies on the signUp page, and check them as the user is typing the password.

[jordanranz]

FYI, we have started an RFC discussion for a proposed Amplify UI Component refactor to increase customizability and flexibility for our components. Please feel free to add any additional comments to the following issue:

#3279

[skworden]

If the password is less than 6 chars it throws a InvalidParameterException.
If the password is greater than 6 and less than the user's defined length it throws InvalidPasswordException.
If the password is 1 char it throws a different messages.

Recap - 2 different error codes and three different error messages for password that is too short.

I think they should match.

[cwomack]

For anyone following this, apologies for the delayed follow up from our team. This issue was tied to a now deprecated package and shouldn't be a problem with the new Authenticator component.

I'll close this issue, but if there's similar problems experienced with the new Authenticator then please open an issue within the amplify-ui repo here.