Method: getPasswordPolicy

Gets password policy config set on the project or tenant.

HTTP request

GET https://identitytoolkit.googleapis.com/v2/passwordPolicy

The URL uses gRPC Transcoding syntax.

Query parameters

Parameters
tenantId

string

The id of a tenant.

Request body

The request body must be empty.

Response body

Configuration for password policy.

If successful, the response body contains data with the following structure:

JSON representation 
{
 "customStrengthOptions": {
 object (CustomStrengthOptions )
 },
 "schemaVersion": integer,
 "allowedNonAlphanumericCharacters": [
 string
 ],
 "enforcementState": enum (EnforcementState ),
 "forceUpgradeOnSignin": boolean
}
Fields
customStrengthOptions

object (CustomStrengthOptions )

The custom strength options enforced by the password policy.
schemaVersion

integer

Output only. schema version number for the password policy
allowedNonAlphanumericCharacters[]

string

Output only. Allowed characters which satisfy the non_alphanumeric requirement.
enforcementState

enum (EnforcementState )

Output only. Which enforcement mode to use for the password policy.
forceUpgradeOnSignin

boolean

Users must have a password compliant with the password policy to sign-in.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CustomStrengthOptions

Custom strength options to enforce on user passwords.

JSON representation 
{
 "minPasswordLength": integer,
 "maxPasswordLength": integer,
 "containsLowercaseCharacter": boolean,
 "containsUppercaseCharacter": boolean,
 "containsNumericCharacter": boolean,
 "containsNonAlphanumericCharacter": boolean
}
Fields
minPasswordLength

integer

Minimum password length. Range from 6 to 30
maxPasswordLength

integer

Maximum password length. No default max length
containsLowercaseCharacter

boolean

The password must contain a lower case character.
containsUppercaseCharacter

boolean

The password must contain an upper case character.
containsNumericCharacter

boolean

The password must contain a number.
containsNonAlphanumericCharacter

boolean

The password must contain a non alpha numeric character.

EnforcementState

Enforcement state for the password policy

Enums
ENFORCEMENT_STATE_UNSPECIFIED Enforcement state has not been set.
OFF Password Policy will not be used on the project.
ENFORCE Passwords non-compliant with the password policy will be rejected with an error thrown.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年05月30日 UTC.