I have the same need. I was also expecting that after inputing his new password the user would be logged in.
I found another issue (kind of related): Get Magic Link for Passwordless Login for Personalized Login E-mail , so I guess it’s not possible.
Right now I’m using a trick for new users. I’m setting a password that we generate server side, use the password with the ‘/oauth/token’ API to get the tokens and use them to create a redirect url that I feed to the’/api/v2/tickets/password-change’ API. It returns me an link that allows the user to change his password and then redirect him to the site with valid credentials.
Sadly, it works only for the new users. Those who already have a password and want to change it will not be logged once changed, as I did not find a way to generate them the proper credentials without knowing their password.
Am I missing something? Is there an API endpoint to generate an accessToken without specifying the user password? (by providing the client private key for example).