The request control allows you to indicate the context in which the password is provided (for example, whether it’s an add request, a self password change, or an administrative password reset) because the requirements can vary in different circumstances.

The extended result includes a list of the requirements the server will impose, including a human readable description for each and an optional name and set of properties that can allow for some client-side validation. The result might also indicate whether the user is required to provide their current password, whether they are required to choose a new password after the add or administrative reset, and how long a new password is valid before it expires.