Passwords generated by CB Connect

When a user sign up with their Facebook account through CB Connect, presumably a random password is generated for them.

How do they find out what this password is? On the pending email the password is encrypted (shown as [PASSWORD]).

The situation is that we don't want the users to sign in using Facebook, but only to register an account (to speed up the sign up process). However, without them knowing their password, they can't log in?

CB Connect doesn't sending a pending email unless you enable confirmation within CB Connect in which case you should be able to have [password] in the pending email within CB > Configuration > Registration otherwise if no confirmation or approval is enabled it'd need to be in the welcome email. This however isn't a usecase that was taken into consideration when developing the plugin so you may have mixed results trying to force it.

When a user sign up with their Facebook account, shouldn't they get a password to login?

We have enabled and disabled email confirmation but with the same result: in the pending or the welcome email, the password is shown as [PASSWORD].

If a user sign up through the normal method, the password they filled in the registration form will show in the pending/welcome email.

When a user sign up with their Facebook account, shouldn't they get a password to login?

Yes, they're given a randomly generated one, but in normal usecases it isn't needed as CB Connect handles the entire login process.

We have enabled and disabled email confirmation but with the same result: in the pending or the welcome email, the password is shown as [PASSWORD].

CB Connect does not set the plaintext password in the user object at any time during registration so it can never email it. There's already a bug ticket to fix this to allow for this usecase. For now you can either allow login with CB Connect or use the pre-filled mode to pre-fill registration.

forge.joomlapolis.com/issues/6404