I am trying to force users to reset their password the first time they login after sending them an autogenerated password by email. This is done by generating a password change ticket in a auth0 Rule. However, I can’t figure out how to log the user in when they are redirected back to the login page, without using a custom application-specific page as shown in this documentation :
Basically, I want to do what the docs show by using the hosted password-reset page rather than create my own.
I might be missing something, but if the end-goal is to force users who were registered by you to reset their passwords why send them a password in plain-text in the first place. If you don’t send them the password then you will know for sure that they will have to complete a reset password step in order to login and doing it like this could likely reduce the complexity of the implementation.
My aim is to log them in directly after they have chosen a password by themselves, instead of making them click on"log in" and enter it again