Sorry to hear your frustrations! It’s not a great experience to want to be able to do something and be blocked with errors. I have written a rule that will add a custom claim to your token. This is the easiest way I can think to get you the last pw reset information. Note: if a user has never reset their password this value will be undefined, and wont show up in a token!
function (user, context, callback) {
const namespace = 'https://myapp.example.com/';
context.idToken[namespace + 'last_password_reset'] = user.last_password_reset;
context.accessToken[namespace + 'last_password_reset'] = user.last_password_reset;
callback(null, user, context);
}
I have tested this and it works with a user who has reset their password on an Auth0 DB connection.
If this solution does not accomplish what you want, let me know and we can work through the management API solution.
Thanks,
Dan