I managed to configure LDAP as an auth method and managed to “create” a user with a POST request to the users endpoint: the server responded as reported in the documentation.
I noticed, though, that a subsequent request to the same endpoint returns a contract similar to the endpoint users/me with the sessionToken header.
The thing that I find disturbing is that the returned contract contains an authData section with my domain password in plain text, which also means that the password is stored as plain text in the database, confirmed by exploring the _User collection.
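
An added example, not part of the original post or of the server's own code: a check that flags credential-like fields inside the authData of user objects (as returned by the users endpoint or exported from the _User collection) and strips them from a copy. The `ldap` provider key, the `id`/`password` field names and the sample documents are assumptions constructed for illustration.

```javascript
// Key names treated as credential material (assumed list; extend for your adapters).
const SECRET_KEY = /^(password|passwd|pwd|secret)$/i;

// Recursively collect dotted paths of non-empty strings stored under secret-looking keys.
function collectSecretPaths(node, prefix, out) {
  for (const [key, value] of Object.entries(node)) {
    const path = `${prefix}.${key}`;
    if (value !== null && typeof value === "object") {
      collectSecretPaths(value, path, out);
    } else if (SECRET_KEY.test(key) && typeof value === "string" && value !== "") {
      out.push(path);
    }
  }
  return out;
}

// Return the paths inside user.authData that hold a plain-text credential.
function auditUser(user) {
  const authData = user ? user.authData : undefined;
  if (authData === null || typeof authData !== "object") return [];
  return collectSecretPaths(authData, "authData", []);
}

// Return a deep copy of the user with every flagged field deleted; the input is not modified.
function stripSecrets(user) {
  const copy = JSON.parse(JSON.stringify(user));
  for (const path of auditUser(copy)) {
    const keys = path.split(".");
    const last = keys.pop();
    delete keys.reduce((obj, k) => obj[k], copy)[last];
  }
  return copy;
}

// Constructed sample documents (hypothetical shape and values, not real data).
const sampleUsers = [
  { objectId: "u1", username: "jdoe", authData: { ldap: { id: "jdoe", password: "constructed-not-real" } } },
  { objectId: "u2", username: "asmith" },
];

for (const user of sampleUsers) {
  console.log(user.objectId, auditUser(user), JSON.stringify(stripSecrets(user)));
}
```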