Hi @Jenna.Horrall,
Welcome to the Auth0 Community!
I understand that you are trying to create a flow to direct newly created users to set a new password.
First, have you taken a look at the Send Email Invitations for Application Sign Up approach, which repurposes a change password link as an invitation?
Not only will this simplify the need of programmatically generating a user’s password, but will reduce the overall complexity and improve the UX.
It is possible, however, there isn’t an OOTB solution to do this. You’ll need to use a Post-Login Action with the Management API.
Note that whenever a user is created, the last_password_reset attribute is NULL. Therefore you can check if(!event.user.last_password_reset) is true in your post-login action and implement your logic to direct your users to reset their passwords.
In your Post Login Action script, do something like the following:
- If the user has not reset their password previously, then create a password change URL with the Management API (https://auth0.github.io/node-auth0/module-management.ManagementClient.html#createPasswordChangeTicket)
- Then redirect the user to the password change URL (Redirect with Actions)
After the user changes their password, this Action will not trigger again.
For more details read our How can I use the Management API in Actions?.
Please let me know how this goes for you.
Thank you.