I’m using, trying to use, the ‘Password Rotation’ plugin, which seemed to work locally, but when deployed is stuck in an endless loop.
For reference, in my code, using NextJS v14, in the api/auth[auth0] ‘callback’ handler, I detect the ‘access_denied’ | password has expired message, and when found, redirect to our hosted /error page, which displays an appropriate error message with a link back to /api/auth/login. However, this just results in an endless loop which possibly finds an active session and then throws me back to my password expired page.
I have retried just redirecting to root / and/or adding prompt=login as a parameter but with no joy.
I see from this topic that someone else has had a similar problem with no clear solution.
Can anyone clarify what the correct approach is for this?
For reference for anyone that stumbles upon this, as the web app I work on requires the user to be logged in to do anything, I just changed my ‘back to login’ link to api/auth/logout which effectively kills the current active system, and forces the user back to the login page, which in turn contains the ‘forgot password’ link.
Like so many things I’ve encountered on auth0, not an ideal solution, but it works.
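The flow described in the post, written out as an added example that is not part of the original post and is not Auth0 or SDK code. The paths /error and /api/auth/logout come from the post; the description pattern, the `reason` codes and the function names are assumptions for illustration.

```javascript
// Added example: decide where the callback handler sends the browser.
const PASSWORD_EXPIRED = /password.*expired/i; // assumed wording of the denial message

// Fixed catalogue: the /error page renders only these strings, never the raw
// error_description, which arrives in the URL and can be set by whoever crafts the link.
const ERROR_PAGES = {
  password_expired: {
    message: "Your password has expired. Sign in again and use 'forgot password' to reset it.",
    // Linking to logout instead of login ends the active session, so the user
    // lands on the login page rather than looping back to the denial.
    linkHref: "/api/auth/logout",
  },
  denied: { message: "Sign-in was denied.", linkHref: "/api/auth/logout" },
};

// Returns the redirect path for an error callback, or null when there is no error.
function resolveCallbackRedirect(callbackUrl) {
  const params = new URL(callbackUrl, "https://app.example").searchParams;
  const error = params.get("error");
  if (!error) return null; // normal callback: let the regular handler continue
  const description = params.get("error_description") || "";
  const reason =
    error === "access_denied" && PASSWORD_EXPIRED.test(description)
      ? "password_expired"
      : "denied";
  return "/error?reason=" + reason;
}

// Model for the /error page; unknown or missing reasons get the generic entry.
function errorPageModel(errorPageUrl) {
  const reason = new URL(errorPageUrl, "https://app.example").searchParams.get("reason");
  return Object.prototype.hasOwnProperty.call(ERROR_PAGES, reason)
    ? ERROR_PAGES[reason]
    : ERROR_PAGES.denied;
}

// Constructed sample callback URL, not captured from a real tenant.
const sample =
  "/api/auth/callback?error=access_denied&error_description=Your%20password%20has%20expired&state=abc";
console.log(resolveCallbackRedirect(sample));
console.log(errorPageModel(resolveCallbackRedirect(sample)).linkHref);
```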