Setting temporary password on the server-side, user prompted to reset password upon login w/ temp password

Trying to create a flow such that:

  1. user’s password is set to a temporary password on the server-side
  2. user logs in with temporary password and is redirected to a reset password screen forcing them to reset upon login

Is this possible? I’ve already set the user’s password to a random generated string on the server-side, but I don’t know where to go from there. I’ve been looking into actions/hooks but I don’t know if those will apply for this specific case, because I only want the user to be redirected to reset their password if they enter in the temporary password that was requested on the server-side.

Hi @Jenna.Horrall,

Welcome to the Auth0 Community!

I understand that you are trying to create a flow to direct newly created users to set a new password.

First, have you taken a look at the Send Email Invitations for Application Sign Up approach, which repurposes a change password link as an invitation?

Not only will this simplify the need of programmatically generating a user’s password, but will reduce the overall complexity and improve the UX.

It is possible, however, there isn’t an OOTB solution to do this. You’ll need to use a Post-Login Action with the Management API.

Note that whenever a user is created, the last_password_reset attribute is NULL. Therefore you can check if(!event.user.last_password_reset) is true in your post-login action and implement your logic to direct your users to reset their passwords.

In your Post Login Action script, do something like the following:

After the user changes their password, this Action will not trigger again.

For more details read our How can I use the Management API in Actions?.

Please let me know how this goes for you.

Thank you.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.