Robin Shen [16/Jun/23 07:13 AM] Unfortunately this is not possible, as QB does not store password hash (both for security and management purpose) for users authenticating through external authentcators, and hence has no way to know if user credential is correct or not.

Nguyen Duc Long [16/Jun/23 07:50 AM] Please add this to SecurityHelper.authenticate(String, String, String) function. Changes from ``` if (user != null){     if (uesr.isRood()){     }     if (uesr.getAuthenticator()!=null){     }     if (lastAuthentication != null){         move lastAuthentication to first of authentications list     }     foreach(authentications) } else { } ``` to ``` if (user != null){     if (uesr.isRood()){     }     if (uesr.getAuthenticator()!=null){     }     if (lastAuthentication != null){         move lastAuthentication to first of authentications list     }     foreach(authentications) -> fail all -> check database } else { } ```

Nguyen Duc Long [16/Jun/23 07:54 AM] With the method of authentication using accounts and passwords, QB has a save the passwordHash. if (result != null) { ...... if (passwordHash != null && !passwordHash.equals(user.getPassword())) { user.setPassword(passwordHash); CacheManager.instance.onPasswordUpdated(user.getId()); userUpdated = true; } ...... }

Robin Shen [16/Jun/23 09:46 AM] Sorry I remembered it incorrectly. With password hash being stored, it is trivial to add this improvement. Will be available in next patch release.