|
| 1 | +--- |
| 2 | +page_id: 57fc3195-6437-4165-b618-d5cf524f1912 |
| 3 | +title: Tutorial - Password validation check |
| 4 | +sidebar: |
| 5 | + order: 20 |
| 6 | +relatedArticles: |
| 7 | + - 56db51a5-5542-4631-8bc6-36339a813a85 |
| 8 | + - f499ebb0-d7f5-4244-bf92-6bf0f6082b62 |
| 9 | +description: Learn how to implement a custom password validation workflow in Kinde. |
| 10 | +topics: |
| 11 | + - "workflows" |
| 12 | + - "example-workflows" |
| 13 | + - "authentication" |
| 14 | +sdk: "kinde infrastructure" |
| 15 | +languages: |
| 16 | + - "TypeScript" |
| 17 | + - "JavaScript" |
| 18 | +audience: |
| 19 | + - "developers" |
| 20 | +complexity: "intermediate" |
| 21 | +keywords: |
| 22 | + - "user registration" |
| 23 | + - "authentication triggers" |
| 24 | + - "custom password" |
| 25 | + - "special characters" |
| 26 | +updated: "2025-11-05" |
| 27 | +featured: false |
| 28 | +deprecated: false |
| 29 | +ai_summary: "Learn how to implement a custom password validation workflow in Kinde." |
| 30 | +--- |
| 31 | + |
| 32 | + |
| 33 | +Kinde enforces essential password safety rules out of the box, such as a minimum length and checks against the most common passwords. But what if your application requires more specific password policies, like enforcing uppercase letters, numbers, or special characters? |
| 34 | + |
| 35 | +In this guide, you’ll implement a **custom password validation workflow** in Kinde using its flexible workflow engine. This feature lets you define exactly how strict (or lenient) your password rules should be, and display custom error messages right on the Kinde sign-up or login widget. |
| 36 | + |
| 37 | +## What you need |
| 38 | + |
| 39 | +- A [Kinde account](https://kinde.com/) (Sign up for free) |
| 40 | +- A [GitHub account](https://github.com/) (Sign up for free) |
| 41 | +- A running Kinde project such as the [Kinde Next.js starter kit](https://github.com/kinde-starter-kits/kinde-nextjs-app-router-starter-kit) |
| 42 | + |
| 43 | +## Step 1: Create the workflow code |
| 44 | + |
| 45 | +1. Fork the [workflow base template](https://github.com/kinde-starter-kits/workflow-base-template) repo into your GitHub account by selecting **Use this template > Create a new repository** |
| 46 | +2. Clone the repo into your computer with the following Git command: |
| 47 | + |
| 48 | + ```bash |
| 49 | + git clone https://github.com/your_github_username/workflow-base-template.git |
| 50 | + ``` |
| 51 | + |
| 52 | +3. Change into the directory: |
| 53 | + |
| 54 | + ```bash |
| 55 | + cd workflow-base-template |
| 56 | + ``` |
| 57 | + |
| 58 | +4. Create a new workflow directory with the following command. |
| 59 | +You can name it anything that resonates with your project structure; we are calling it `newPasswordValidation` |
| 60 | + |
| 61 | + ```bash |
| 62 | + mkdir kindeSrc/environment/workflows/newPasswordValidation |
| 63 | + ``` |
| 64 | + |
| 65 | +5. Create a new `Workflow.ts` file: |
| 66 | + |
| 67 | + ```bash |
| 68 | + touch kindeSrc/environment/workflows/newPasswordValidation/Workflow.ts |
| 69 | + ``` |
| 70 | + |
| 71 | +6. Open the new file with your favorite code editor (e.g., VS Code) and add the following workflow code into the file and save changes: |
| 72 | + |
| 73 | + ```tsx |
| 74 | + import { |
| 75 | + onNewPasswordProvidedEvent, |
| 76 | + WorkflowSettings, |
| 77 | + WorkflowTrigger, |
| 78 | + invalidateFormField, |
| 79 | + } from "@kinde/infrastructure" |
| 80 | + |
| 81 | + // The setting for this workflow |
| 82 | + export const workflowSettings: WorkflowSettings = { |
| 83 | + id: "onNewPasswordProvided", |
| 84 | + name: "New Password Entered", |
| 85 | + trigger: WorkflowTrigger.NewPasswordProvided, |
| 86 | + failurePolicy: { |
| 87 | + action: "stop", |
| 88 | + }, |
| 89 | + bindings: { |
| 90 | + "kinde.widget": {}, // Required for accessing the UI |
| 91 | + }, |
| 92 | + } |
| 93 | + |
| 94 | + function customPasswordValidator(password: string) { |
| 95 | + const hasUppercase = /[A-Z]/.test(password) |
| 96 | + const hasLowercase = /[a-z]/.test(password) |
| 97 | + const hasNumber = /[0-9]/.test(password) |
| 98 | + const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password) |
| 99 | + |
| 100 | + if (!hasUppercase) { |
| 101 | + return "Password must include at least one uppercase letter." |
| 102 | + } |
| 103 | + if (!hasLowercase) { |
| 104 | + return "Password must include at least one lowercase letter." |
| 105 | + } |
| 106 | + if (!hasNumber) { |
| 107 | + return "Password must include at least one number." |
| 108 | + } |
| 109 | + if (!hasSpecialChar) { |
| 110 | + return "Password must include at least one special character." |
| 111 | + } |
| 112 | + return null // valid password |
| 113 | + } |
| 114 | + |
| 115 | + // The workflow code to be executed when the event is triggered |
| 116 | + export default async function Workflow(event: onNewPasswordProvidedEvent) { |
| 117 | + const { firstPassword } = event.context.auth |
| 118 | + const invalidMessage = customPasswordValidator(firstPassword) |
| 119 | + |
| 120 | + if (invalidMessage) { |
| 121 | + // Custom form validation |
| 122 | + invalidateFormField("p_first_password", invalidMessage) |
| 123 | + } |
| 124 | + } |
| 125 | + ``` |
| 126 | + |
| 127 | + Optional: Install the Kinde infrastructure dependency with the following bash command for TypeScript intellisense. |
| 128 | + |
| 129 | + ```bash |
| 130 | + npm install |
| 131 | + ``` |
| 132 | + |
| 133 | +7. Run the following git commands in your terminal to push the changes to your GitHub repo: |
| 134 | + |
| 135 | + ```bash |
| 136 | + git add . |
| 137 | + git commit -m "add new password validation workflow" |
| 138 | + git push |
| 139 | + ``` |
| 140 | + |
| 141 | + |
| 142 | +### Code explanation |
| 143 | + |
| 144 | +Here’s a quick breakdown of what the code does. |
| 145 | + |
| 146 | +**Imports** |
| 147 | + |
| 148 | +The top of the file brings in useful methods and types from the `@kinde/infrastructure` package, including `onNewPasswordProvidedEvent`, `WorkflowSettings`, and `invalidateFormField`. |
| 149 | + |
| 150 | +**Workflow settings** |
| 151 | + |
| 152 | +The `workflowSettings` object defines when and how the workflow runs. |
| 153 | + |
| 154 | +- It's triggered by the `NewPasswordProvided` event, meaning it runs whenever a user enters a new password. |
| 155 | +- The `name` field ("New Password Entered") helps you easily identify this workflow in the Kinde dashboard. |
| 156 | +- The `bindings` section (`"kinde.widget"`) gives the workflow access to the Kinde sign-in form UI. |
| 157 | + |
| 158 | +**Password validation logic** |
| 159 | + |
| 160 | +The `customPasswordValidator` function checks that the password meets all of your custom rules: |
| 161 | + |
| 162 | +- At least one **uppercase** letter |
| 163 | +- At least one **lowercase** letter |
| 164 | +- At least one **number** |
| 165 | +- At least one **special character** |
| 166 | + |
| 167 | +You can easily update this logic to match your app’s specific requirements. |
| 168 | + |
| 169 | +**Main workflow function** |
| 170 | + |
| 171 | +The default `Workflow` function runs each time the `NewPasswordProvided` event is triggered. |
| 172 | + |
| 173 | +It grabs the user's input, validates the password using your custom logic, and if it fails, calls `invalidateFormField()` to show an error message right in the Kinde UI. |
| 174 | + |
| 175 | +## Step 2: Deploy the workflow code |
| 176 | + |
| 177 | +1. Sign in to your [Kinde dashboard](https://kinde.com/) and select **Workflows** from the sidebar. |
| 178 | +2. If you already have your workflow repo connected, go straight to step 4. |
| 179 | +3. Select **Connect repo > Connect GitHub** and follow the onboarding flow to authorize Kinde to access your GitHub account. |
| 180 | + |
| 181 | +  |
| 182 | + |
| 183 | +4. From the dropdown, select your GitHub repository that contains the Kinde workflow code, choose the `main` branch, and click **Next**. |
| 184 | + |
| 185 | + If you already have a repo connected and want to change it, go to **Kinde > Settings > Git repo > Change repo.** |
| 186 | + |
| 187 | +5. Select **Sync code** to pull your latest workflow code from GitHub into your Kinde project. |
| 188 | +You’ll now see your workflow listed inside the dashboard. |
| 189 | + |
| 190 | +  |
| 191 | + |
| 192 | + |
| 193 | +## Step 3: Test the workflow |
| 194 | + |
| 195 | +1. Sign in to your [Kinde dashboard](https://kinde.com/) and select **View details** for the one you are testing. |
| 196 | +2. Go to **Authentication** and uncheck **Email + code** and check **Email + password** auth method, and select **Save**. |
| 197 | + |
| 198 | + By default, Kinde uses passwordless connection, so to test this workflow, we are enabling it. |
| 199 | + |
| 200 | +  |
| 201 | + |
| 202 | +3. Start your project and go through the sign-up flow. When you enter a weak or invalid password, your custom error messages will appear directly in the Kinde sign-up widget, giving users instant feedback based on your validation rules. |
| 203 | + |
| 204 | +  |
| 205 | + |
| 206 | + |
| 207 | +### Phew! All done. |
| 208 | + |
| 209 | +You’ve just built and deployed a custom password validation workflow in Kinde! |
| 210 | + |
| 211 | +With this setup, you now have full control over the strength and structure of user passwords in your application. Whether you're enforcing security best practices or meeting specific compliance needs, Kinde workflows make it easy to extend the platform with custom logic, without compromising on developer experience. |
| 212 | + |
| 213 | +Check out additional workflow examples in the official [Kinde workflow base template repository](https://github.com/kinde-starter-kits/workflow-base-template). |
0 commit comments