We created a rule (from templates) for checkLastPasswordReset and passed an error to the callback function. However, we saw an error returned to the callback route of the application.
return callback(new UnauthorizedError('Unfortunately, it has been more than 90 days since the last password update. Please update your password to continue.'));
This is the expected behavior currently. Your application is not configured to detect errors returned to the callback. Please check this doc.