Auth0 Home Blog Docs

login user after forced password reset through rules

password-reset
rules
user-login

#1

I am trying to force users to reset their password the first time they login after sending them an autogenerated password by email. This is done by generating a password change ticket in a auth0 Rule. However, I can’t figure out how to log the user in when they are redirected back to the login page, without using a custom application-specific page as shown in this documentation :
https://auth0.com/docs/rules/current/redirect

Basically, I want to do what the docs show by using the hosted password-reset page rather than create my own.


#2

I might be missing something, but if the end-goal is to force users who were registered by you to reset their passwords why send them a password in plain-text in the first place. If you don’t send them the password then you will know for sure that they will have to complete a reset password step in order to login and doing it like this could likely reduce the complexity of the implementation.


#3

My aim is to log them in directly after they have chosen a password by themselves, instead of making them click on"log in" and enter it again


#4