Custom Database Action Script - Force password change if low strength


If i use the ‘Import Users to Auth0’ method and call custom API/DB from the Login ‘Database Action Scripts’, can i force or redirect the user to reset their password if it does not meet the password strength?

If not directly, which seem like the ideal opportunity as my script already know the password, can i somehow set set a flag using the management API forcing a change the next time the user login?

Thanks for any ideas or input :slight_smile:

Hi @nopasswords

Welcome back to the Auth0 Community!

Thank you for posting your question. I assume based on your comment

that you store password in a easy to decrypt way is not a recommended way and during importing your users password need to be provided in the hashed. You can read more about bulk import here Bulk User Imports

In terms of the changing password you can try to utilize this feature Users with passwords hashed by unsupported algorithms will need to reset their password when they log in for the first time after the bulk import. Alternativly you can edit the user metadata with script that would add flag which can be checked during post-login action and force user to reset password.

I hope this will help you!


Thanks for your input.

The users passwords are hashed in the legacy system and we are doing ‘Lazy Migration’ and not bulk import.

So what i mean with ‘my script already know the password’ is that our ‘Auth0 custom database action’ script running in Auth0 and doing the Lazy migration know the password the user has entered and thus we could have it determine if it meet the criteria.

The question then is just how i, from that Auth0 custom database action script, can trigger a password change in a user-friendly way.

But i will read up using the link you sent. Thanks! :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.