Follow-up to T111486, it was reported that emails are not getting set for newly created user accounts via the sandbox api. I tried to give a quick shot to investigate this, but got stuck at not having email field in AuthenticationRequest::loadFromSubmission but having it in UserDataAuthenticationRequest::getFieldInfo which gets called somewhere later.
Maybe that should be fixed in AuthManager? Omitting optional fields from the array seems convenient when programmatically creating requests. Or maybe we could log something to make it less surprising - the current code treats missing array fields as an error condition but doesn't behave the way you would except from error-handling code.
UserDataAuthenticationRequest as a whole is optional, so there's no error if it fails to load. But the default loading for AuthenticationRequests insists on all (non-checkbox) fields being present in the submission even if optional, because otherwise there's no way to differentiate "Request wasn't submitted" and "Request was submitted but all fields were empty/default" if something needs to do that.
It's not all fields in this case though. But I guess with potential overlaps between different requests, the sanest way the case when some fields are missing but others are not is to assume that the present ones are for some other request.
Exactly. For example, PasswordDomainAuthenticationRequest has 'username', 'password', 'retype', and 'domain' fields (depending on the action), but if 'domain' is missing it's still a valid PasswordAuthenticationRequest and if all except 'username' are missing it could still be a UsernameAuthenticationRequest.
I'm not planning on any. I don't know if @Tgr is thinking of trying anything.