Sample Password Rotation Action

Problem statement

The built-in password rotation action only returns an error to the application's callback URL; everything else, including getting the user to a reset screen, has to be handled by the application. Is there an alternative that automatically directs the user to the password reset widget?

Solution

The following is an alternative to the built-in password rotation action. When passwordResetRequired() returns true, it creates a password change ticket through the Management API, logs the user out, and uses the logout endpoint's returnTo parameter to send the browser straight to the password reset widget (the ticket URL).

NOTE: This is not application-ready code; instead, it is provided as an example only. Customers need to create their own logic to track when to force a user to rotate their password.

exports.onExecutePostLogin = async (event, api) => {

  // Replace this with your own logic (for example, based on
  // event.user.last_password_reset); it must return a boolean.
  // It returns false here so the sample never forces a reset as-is.
  function passwordResetRequired() {
    return false;
  }

  // Log the user out of Auth0 and land them on the password reset ticket URL.
  // The returnTo value must be listed in the application's Allowed Logout URLs,
  // otherwise the logout endpoint rejects it.
  function logoutWithReturnUrl(ticketUrl) {
    return `https://${event.request.hostname}/v2/logout?client_id=${event.client.client_id}&returnTo=${encodeURIComponent(ticketUrl)}`;
  }

  if (passwordResetRequired()) {
    // Requires the 'auth0' package in the Action's Dependencies and a
    // Machine to Machine application authorized for the Management API with
    // the create:user_tickets scope; keep its credentials in the Action's Secrets.
    const { ManagementClient } = require('auth0');
    const client = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret,
    });

    // Create a password change ticket for the user who is logging in.
    const r = await client.tickets.changePassword({
      user_id: event.user.user_id,
      client_id: event.client.client_id,
    });

    // Redirect out of the login flow. There is no continuation back into this
    // transaction; the user completes the reset and then logs in again.
    api.redirect.sendUserTo(logoutWithReturnUrl(r.data.ticket));
  }
};
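As an added example (not part of the original page and not Auth0's own code), the following shows one way to fill in passwordResetRequired() and to make the redirect logic testable outside the Action runtime. It assumes a maximum password age of 90 days, reads event.user.last_password_reset (falling back to event.user.created_at), and only enforces rotation for database connections (event.connection.strategy === 'auth0'), since social and enterprise users have no Auth0-managed password to reset. The Management client, event object and ticket URL used in the demo are constructed fixtures, not tenant data.

```javascript
// Added example, not the page's or Auth0's own code. Assumptions: a 90-day
// maximum password age, the event.user.last_password_reset / created_at
// timestamps, and a rotation policy limited to database connections.

const MAX_PASSWORD_AGE_DAYS = 90; // assumed policy; tune to your requirements
const DAY_MS = 24 * 60 * 60 * 1000;

// Decide whether this login must be interrupted for a password rotation.
// Only database users (strategy 'auth0') have an Auth0-managed password.
function passwordResetRequired(event, now = new Date(), maxAgeDays = MAX_PASSWORD_AGE_DAYS) {
  if (!event.connection || event.connection.strategy !== 'auth0') return false;
  // last_password_reset is unset until the first reset; fall back to created_at
  // because the initial password dates from account creation.
  const since = event.user.last_password_reset || event.user.created_at;
  const sinceMs = since ? Date.parse(since) : NaN;
  // No usable timestamp: treat as overdue rather than silently skipping the policy.
  if (Number.isNaN(sinceMs)) return true;
  return now.getTime() - sinceMs > maxAgeDays * DAY_MS;
}

// Build the /v2/logout URL. URLSearchParams does the encoding, so a ticket URL
// containing '?' and '&' survives as a single returnTo parameter instead of
// leaking extra query parameters into the logout request.
// Auth0 only honours returnTo values listed in the application's Allowed Logout URLs.
function logoutWithReturnUrl(hostname, clientId, ticketUrl) {
  const url = new URL(`https://${hostname}/v2/logout`);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('returnTo', ticketUrl);
  return url.toString();
}

// Glue: request a change-password ticket and redirect. `management` is anything
// exposing tickets.changePassword({ user_id, client_id }) -> { data: { ticket } },
// i.e. the auth0 v4 ManagementClient or the fake below. Returns the redirect
// target, or null when no rotation was needed.
async function rotatePasswordIfNeeded(event, api, management, now = new Date()) {
  if (!passwordResetRequired(event, now)) return null;
  const r = await management.tickets.changePassword({
    user_id: event.user.user_id,
    client_id: event.client.client_id,
  });
  const target = logoutWithReturnUrl(event.request.hostname, event.client.client_id, r.data.ticket);
  api.redirect.sendUserTo(target);
  return target;
}

// --- Constructed fixtures for a stand-alone run (no Auth0 tenant involved) ---
const NOW = new Date('2024-06-01T00:00:00Z');

function makeEvent(overrides = {}) {
  const base = {
    request: { hostname: 'example.us.auth0.com' },
    client: { client_id: 'abc123' },
    connection: { strategy: 'auth0' },
    user: {
      user_id: 'auth0|0001',
      created_at: '2023-01-01T00:00:00Z',
      last_password_reset: '2024-01-01T00:00:00Z', // 152 days before NOW
    },
  };
  return { ...base, ...overrides, user: { ...base.user, ...(overrides.user || {}) } };
}

// Fake Management client; the ticket URL shape is made up for the demo.
const fakeManagement = {
  tickets: {
    changePassword: async ({ user_id }) => ({
      data: { ticket: `https://example.us.auth0.com/lo/reset?ticket=TKT-${user_id}&foo=bar` },
    }),
  },
};

function makeFakeApi() {
  const api = { redirectedTo: null, redirect: { sendUserTo: (u) => { api.redirectedTo = u; } } };
  return api;
}

if (typeof require !== 'undefined' && require.main === module) {
  const api = makeFakeApi();
  rotatePasswordIfNeeded(makeEvent(), api, fakeManagement, NOW).then((target) => {
    console.log('redirect:', target);
  });
}
```

Inside a real Action you would call rotatePasswordIfNeeded(event, api, client) with the ManagementClient from the sample above; keeping the policy and URL construction in plain functions lets you unit-test the 90-day threshold, the connection filter and the encoding of the returnTo value without deploying to a tenant.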