- Bug
- Resolution: Fixed
- Minor
- 4.3 regressions, 4.3
- 2
- Team Hedgehog 2024 Sprint 2.3, Team Hedgehog 2024 Review 2

An August 24 change to `lib/moodlelib.php` has broken functionality for several auth plugins, namely that a user can no longer be created with a null password. This was the behavior for both Microsoft's OAuth plugin and the ADL Initiative's JWT plugin, neither of which are currently working without either changing the Moodle codebase or creating a dummy password on their behalf.
The notion of a null password made perfect sense for these plugins, as the user does not have a conventional password, nor should they be permitted to guess a randomly generated one through the default login mechanism. This also raises the possibility of pipeline tools flagging an auth plugin due to a password property being set explicitly.
The current approach is to simply use the placeholder password and disallow all users from accessing the site through the manual flow.
My main concern is that this change did not seem to be documented anywhere in the change / upgrade logs from our previous version 4.2 to the current 4.3. As this is quite literally a breaking change, I would like to see it mentioned somewhere so that other teams can prepare accordingly when planning their updates.
Thanks,
-Trey

- has been marked as being related by: MDL-82719 Passwordless SSO auth plugins with $CFG->passwordpolicycheckonlogin outputs confusing notification to users (Open)
- is a regression caused by: MDL-67390 Update password hashing to SHA-512 (Closed)
- is duplicated by: MDL-80442 Incorrect type annotations on update_local_user_password (Closed)