Userpass with @ in the username

It looks like the userpass system does not allow a “@” character in the username. This is at odds with other auth engines like ldap which does

curl -X PUT -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"policies":"default"}' http://127.0.0.1:8200/v1/auth/userpass/users/foo@baz.io

does not work - errors with “unsupported path”

however

curl -X PUT -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"policies":"default"}' http://127.0.0.1:8200/v1/auth/ldap/users/foo@baz.io

works just fine

Is this intentional or a bug ?

I’d categorize this as intentional.

Some internal investigation shows the code regex that parses the userpass auth method inputs allow for alphanumeric, plus “_”, “-”, and “.” (underscore, hyphen and period). LDAP auth method is slightly different, perhaps to account for how different LDAP backends can be configured for what characters are permitted.

I’ll look to having some clarification added to the userpass documentation.

is there any reason not to make it consistent with ldap ?