@dmoerner dmoerner commented Jan 17, 2026

Description

User passwords imported with insecure hashers are automatically migrated to bcrypt by the Clerk backend. However, there is a maximum length to a bcrypt password because hashing is computationally intensive. Users with too long imported passwords would encounter an error on login. The backend error handling has been improved for this case; capture the backend error and direct the user to the reset password flow.

Feedback on the exact text would be welcome; I felt that a title like "Password too long" was weird and used the more generic "Password must be reset", but I'm happy to adjust this.

Fixes USER-4417

Before:

image

After:

Screenshot 2026-01-17 at 13-04-04 My account My Application

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

Release Notes

  • New Features
    • Added a new password reset flow for imported users whose passwords are too long to use, providing reset options via email or SMS.

@changeset-bot
changeset-bot bot commented Jan 17, 2026

🦋 Changeset detected

Latest commit: cb78dd3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages (name, type):

  • @clerk/ui: Minor
  • @clerk/chrome-extension: Patch

@vercel
vercel bot commented Jan 17, 2026

Project Deployment Review Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Jan 17, 2026 6:14pm

@coderabbitai
coderabbitai bot commented Jan 17, 2026

📝 Walkthrough

This pull request adds support for handling the password_too_long_needs_reset error condition across the Clerk authentication UI. A new helper function detects this error type, and updated type definitions add the corresponding localization keys. The SignIn component now recognizes this condition as a distinct flow mode (passwordTooLong), treating it similarly to compromised or pwned password scenarios by routing users to a password reset flow. Localization entries provide user-facing messages for the error condition. Test cases verify that users encountering overly long imported passwords are prompted to reset their passwords through email or phone verification methods.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Explanation: Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The PR title accurately summarizes the main change: redirecting users with long imported passwords to a reset password flow, which is the primary objective of this changeset.
  • Linked Issues check: ✅ Passed. The PR fully implements USER-4417 requirements: detects the password_too_long_needs_reset error, adds UI handling for this case, directs users to password reset flow similar to compromised password handling, includes appropriate localization, and adds comprehensive test coverage.
  • Out of Scope Changes check: ✅ Passed. All changes are directly related to USER-4417 objectives. The PR includes error detection, UI mode/flow handling, localization entries, type definitions, helper functions, and test cases, all necessary for implementing the password-too-long error handling and reset flow redirection.

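The flow described in this thread, from legacy-hash login to the `passwordTooLong` mode, as an added example that is not code from this PR or from Clerk. Assumptions: the 72-byte limit (the input limit of common bcrypt implementations; the page does not state the backend's threshold), unsalted SHA-256 standing in for an "insecure hasher", the `{ errors: [{ code }] }` response shape, all function names, and the `incorrect_password` and `default` values.

```javascript
const crypto = require('node:crypto');

const BCRYPT_MAX_BYTES = 72; // assumption: limit of common bcrypt implementations
const TOO_LONG = 'password_too_long_needs_reset'; // error code named in this PR

// Hypothetical legacy hasher: unsalted SHA-256, hex encoded.
const legacyHash = (pw) =>
  crypto.createHash('sha256').update(pw, 'utf8').digest('hex');

// Constant-time comparison of the submitted password against the legacy hash.
function verifyLegacy(password, legacyHex) {
  const got = Buffer.from(legacyHash(password), 'hex');
  const want = Buffer.from(legacyHex, 'hex');
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}

// Server side: decide what happens when a user with a legacy hash logs in.
function migrateOnLogin(password, legacyHex) {
  // Verify first, so the reset prompt is only shown to someone who
  // actually knows the imported password.
  if (!verifyLegacy(password, legacyHex)) {
    return { ok: false, code: 'incorrect_password' }; // constructed code
  }
  // bcrypt sees bytes, not characters: measure the UTF-8 encoding.
  if (Buffer.byteLength(password, 'utf8') > BCRYPT_MAX_BYTES) {
    // Never rehash a truncated password; require a reset instead.
    return { ok: false, code: TOO_LONG };
  }
  return { ok: true, action: 'rehash_with_bcrypt' };
}

// Client side: map an error response to a sign-in flow mode.
function flowModeFor(response) {
  const codes = (response.errors || []).map((e) => e.code);
  return codes.includes(TOO_LONG) ? 'passwordTooLong' : 'default';
}

// Constructed sample: 40 characters, but 80 bytes in UTF-8.
const LONG_PW = '\u00e9'.repeat(40);

function demo() {
  const result = migrateOnLogin(LONG_PW, legacyHash(LONG_PW));
  return flowModeFor({ errors: result.ok ? [] : [{ code: result.code }] });
}
```

A length check on `password.length` would pass the sample password (40 characters) even though its 80-byte encoding exceeds the limit, which is why the check is done on bytes.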

@pkg-pr-new
pkg-pr-new bot commented Jan 17, 2026

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7617

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7617

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7617

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7617

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7617

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7617

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7617

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7617

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7617

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7617

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7617

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7617

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7617

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7617

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7617

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7617

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7617

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7617

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7617

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7617

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7617

commit: cb78dd3
