Why is the local auth provider gated by the email.enabled setting? (in strapi-plugin-users-permissions)

System Information
  • Strapi Version: HEAD (but I’m on v3.6.5)
  • Operating System: Any (but I’m on LInux)
  • Database: Any (but I’m using Mongo)
  • Node Version: Any (but I’m using v14.16.0)
  • NPM Version: Any (but I have v6.12.0)
  • Yarn Version: Any (but I have v1.21.1)

I have been trying to authenticate to the strapi API from another backend system.
Each time I try, to do a POST request to /auth/local (exactly as in the docs) it gives me: This provider is disabled.

I did some diffing and traced it back to this line in strapi-plugin-users-permissions: strapi/Auth.js at 8972d78e8d1783ded6089d0318bfb62aff8e6962 · strapi/strapi · GitHub

To save you the click, it reads:

      if (!_.get(await store.get({ key: 'grant' }), 'email.enabled')) {
        return ctx.badRequest(null, 'This provider is disabled.');

I have gone through the various settings, but it is not clear to me what email.enabled is (in the UI).
Furthermore, I don’t understand why something like the local auth provider would be gated by this setting. I have (as super admin) created a user, and there is no need for email whatsoever, I just want to login with this user to the API (in other words, get a token).

I commented out that line and sure enough, everything works as expected.

I’d like to understand what’s happening here, and also point out that what I’m doing is also what’s in the docs. Yet somehow I seem to have landed in a situation where my config does not allow it, though I don’t understand why.

I would appreciate if someone could clarify this for me.