I’m working on an Oauth2 authentication implementation where I need to provide content access to external users authenticated against an Oauth2 server which provides me with user info. From my understanding of Drupal’s user system, this requires me to create a local user populated with the information provided via the API. I’ve been looking at the user_external_login_register function and it looks like one of the expected user fields is a password. In my case, since the users are authenticating against an external server, the only validation info I have for them is the auth token, and it would actually defeat the purpose for me to have their password. So, should I provide a dummy password?