Oh I see, am I correct in assuming the Auth0 action Password Rotation’s purpose is to return an access_denied error with a message string and you have to manually handle it on the front end.
I was under the assumption that the redirect from Password Rotation would be handled by the Auth0Provider React component to open the Universal Login taking the user to the Password Reset screen (shown below) with the error_description param describing why the error was thrown being shown to the user in the universal login screen.
I added prompt: 'login' to loginWithRedirect, it does fix the endless loop by bringing the user back to the login screen. But it does not take them to the “Reset your password” screen. There is no notice to the user that the reason they authenticated successfully but are still at the login screen is due to an old password.
If the above assumptions are true is it possible to somehow bring the user to the Password Reset view in the Universal Login with a message?
