I have a security requirement related to users’ password expiration. Ninety days after the last password change, I need to force the user to reset his password during login, redirecting the user automatically to the password change screen. After the user changes the password, the login should continue with no interruptions or additional actions. Is there a way this can be achieved by configuration or with Auth0 Actions?
Hi @geovanny
Welcome to the Auth0 Community!
If you are looking for a quick solution to your problem, you can check our Password Rotation Action, which won’t allow the user to log in, forcing him to change his password.
If you found this post helpful or interesting, please give it a like. Your interaction makes a difference. Have a wonderful day!
Dawid
Hi @dawid.matuszczyk, thanks for your response.
Unfortunately, this action only blocks logins for users with expired passwords. However, I would like to implement an automatic redirect to the password change screen instead of only blocking the login attempt and showing an error message.
Is there a suggested way to implement this?
Any update on this, guys?
We were also expecting Auth0 UI to handle the reset password flow automatically as part of Universal Login, instead of just throwing an error back to the application. Password expiry should be a foundational part of an identity provider. The text of the error is also not localisable so would have to be interpreted by our application and a substitute string shown instead.
When will this get first-class support within Universal Login?
Until then, has anyone built a custom action to make this seamless?
For example, I am thinking that the action could automatically trigger a password reset email to the user when their password has expired so that the experience is as ‘seamless’ as possible. Our app can still show the ‘error’ message and that an email is on its way.
Thanks
Any updates on this?
Any update on this? Rotation is OK, but we need it to automatically redirect.
Our team is going back and answering some of our most frequently asked questions.
Password resets are still the official Auth0 recommended way to resolve this use case. Here is the instructional video we created walking through the setup process:
There may be another way, which is to redirect to the password change ticket within the Action, i.e.: api.redirect.sendUserTo("password change ticket");
See here about redirecting within Actions:
If you would like to see a change in this behavior, please log some product feedback here: Auth0: Secure access for everyone. But not just anyone.
Hope this helps.
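The redirect idea from the reply above, written out as a post-login Action. This is an added sketch, not code from the thread and not Auth0's Password Rotation Action. The secret names (DOMAIN, M2M_CLIENT_ID, M2M_CLIENT_SECRET, APP_LOGIN_URL), the 10-minute ticket lifetime and the fallback to created_at are assumptions.

```javascript
// Added sketch of a post-login Action; not Auth0's own Password Rotation Action.
// Assumed Action secrets: DOMAIN, M2M_CLIENT_ID, M2M_CLIENT_SECRET, APP_LOGIN_URL.
const MAX_AGE_DAYS = 90;

// True when the last password change (or account creation) is older than the limit.
function passwordExpired(user, nowMs = Date.now()) {
  const last = Date.parse(user.last_password_reset || user.created_at);
  if (Number.isNaN(last)) return true; // no usable timestamp: treat as expired
  return nowMs - last > MAX_AGE_DAYS * 24 * 60 * 60 * 1000;
}

async function postJson(url, body, token) {
  const headers = { 'content-type': 'application/json' };
  if (token) headers.authorization = `Bearer ${token}`;
  const res = await fetch(url, { method: 'POST', headers, body: JSON.stringify(body) });
  if (!res.ok) throw new Error(`POST ${url} failed: ${res.status}`);
  return res.json();
}

// Client-credentials token, then POST /api/v2/tickets/password-change.
async function createPasswordChangeTicket(event) {
  const base = `https://${event.secrets.DOMAIN}`;
  const { access_token } = await postJson(`${base}/oauth/token`, {
    grant_type: 'client_credentials',
    client_id: event.secrets.M2M_CLIENT_ID,
    client_secret: event.secrets.M2M_CLIENT_SECRET,
    audience: `${base}/api/v2/`,
  });
  const { ticket } = await postJson(`${base}/api/v2/tickets/password-change`, {
    user_id: event.user.user_id,
    result_url: event.secrets.APP_LOGIN_URL, // assumption: user signs in again afterwards
    ttl_sec: 600, // assumption: keep the reset link short-lived
  }, access_token);
  return ticket;
}

async function onExecutePostLogin(event, api) {
  // Only database connections have a password that Auth0 manages.
  if (event.connection.strategy !== 'auth0' || !passwordExpired(event.user)) return;
  try {
    api.redirect.sendUserTo(await createPasswordChangeTicket(event));
  } catch (err) {
    // Fail closed: an expired password never gets a session if the ticket call fails.
    api.access.deny('Your password has expired. Please reset it and sign in again.');
  }
}

if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

The machine-to-machine application behind the two client secrets needs the create:user_tickets scope on the Management API. The thread does not confirm that the interrupted login resumes after the change, so this sketch sends the user to APP_LOGIN_URL to sign in again with the new password.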