Setting temporary password on the server-side, user prompted to reset password upon login w/ temp password

Get Help
,
1

Trying to create a flow such that:

  1. user’s password is set to a temporary password on the server-side
  2. user logs in with temporary password and is redirected to a reset password screen forcing them to reset upon login

Is this possible? I’ve already set the user’s password to a random generated string on the server-side, but I don’t know where to go from there. I’ve been looking into actions/hooks but I don’t know if those will apply for this specific case, because I only want the user to be redirected to reset their password if they enter in the temporary password that was requested on the server-side.

3

Hi @Jenna.Horrall,

Welcome to the Auth0 Community!

I understand that you are trying to create a flow to direct newly created users to set a new password.

First, have you taken a look at the Send Email Invitations for Application Sign Up approach, which repurposes a change password link as an invitation?

Not only will this simplify the need of programmatically generating a user’s password, but will reduce the overall complexity and improve the UX.

It is possible, however, there isn’t an OOTB solution to do this. You’ll need to use a Post-Login Action with the Management API.

Note that whenever a user is created, the last_password_reset attribute is NULL. Therefore you can check if(!event.user.last_password_reset) is true in your post-login action and implement your logic to direct your users to reset their passwords.

In your Post Login Action script, do something like the following:

After the user changes their password, this Action will not trigger again.

For more details read our How can I use the Management API in Actions?.

Please let me know how this goes for you.

Thank you.