Source code for the Password Rotation integration

I am using Pulumi to create Auth0 resources, and it doesn’t seem to have support for Market Place Integrations. Specifically I need to add the Password Rotation integration as a post-login Action to enforce a login expiry duration.

I can create custom Actions with Pulumi, but I need the source code. Therefore is it possible to have access to the source code for the “Password Rotation” market place integration:
Password Rotation Integration with Auth0

I was hoping to find it in the Auth0 Market Place GitHub repo, but it’s not available.

Hi @james.boswell,

Welcome to the Auth0 Community!

To mimic the Password Rotation integration in a Post-login action script, I suggest checking out this related community post that answers this:

Let me know if you have any questions.

Thanks,
Rueben

Thanks. I’m curious though that this example differs quite a lot from this similar one a few months ago for Password Rotation. The email request and redirect are quite different. Could you explain the differences and why we might use one over the other?

Hi @james.boswell,

Thanks for your response.

The Sample Password Rotation Action knowledge solution that you shared uses the Management API to redirect the user to the password change ticket URL. In this flow, the user is immediately prompted to reset their password.

This is different from the example I shared in my first reply, which uses the Authentication API to send a password change email to the user. Additionally, it checks whether the user’s last password change was more than 30 days ago to trigger the password change flow. In this flow, the user must go to their email and click on the link to reset their password.

Also, I just wanted to remind you that these action scripts are examples. You’ll need to customize them to fit your specific requirements for tracking when to prompt users to rotate their passwords.

I hope that helps!

Thanks,
Rueben

Thanks Rueben, I’m using the Management API to redirect to the change password ticket URL.

Is there a way to let the user know why they’re being prompted to change their password? The following code happens in a post-login action:

    exports.onExecutePostLogin = async (event, api) => {
        // ... code to determine password age ...

        if (passwordTooOld) {
            const { ManagementClient } = require('auth0');
            const client = new ManagementClient({
                domain: DOMAIN, clientId: CLIENT_ID, clientSecret: CLIENT_SECRET,
            });

            console.log('Password too old, reset required');
            // #### how to let user know their password is too old?
            const r = await client.tickets.changePassword({
                user_id: event.user.user_id,
                client_id: CLIENT_ID,
            });

            api.redirect.sendUserTo(r.data.ticket);
        }
    };

and the flow from the user’s perspective is that they authenticate with a password, and are immediately taken to the Change Password page to enter a new password, but with no context as to why.

Also after the password is changed in this flow, how do I redirect back to the original login page?

Thanks

Hi @james.boswell,

Maybe you could consider redirecting twice. Once to a page where you inform the user about the expired passwords, and then a second time to the password change URL.

You would need to send the user back to the /continue endpoint with the state.

For example: https://{yourAuth0Domain}/continue?state=abc123

See Redirect with Actions.

Thanks,
Rueben
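
The notice-page redirect and `/continue` resume suggested in the reply above, as an added example that is not code from this thread or from Auth0. It covers only the first redirect and the resume step, not the change-password ticket. Assumptions: the notice page URL, the `NOTICE_SECRET` Action secret, the `session_token` parameter name, the `passwordAgeDays` helper and the 30-day threshold are all hypothetical or illustrative.

```javascript
// Added example: names marked "assumed" or "hypothetical" are not from the thread.
const MAX_AGE_DAYS = 30; // threshold mentioned earlier in the thread
const NOTICE_URL = 'https://app.example.com/password-expired'; // hypothetical page

// Age of the current password in whole days. Falls back to created_at for
// users who never reset; returns null when neither timestamp is usable.
function passwordAgeDays(user, now = Date.now()) {
  const changed = Date.parse(user.last_password_reset || user.created_at);
  return Number.isNaN(changed) ? null : Math.floor((now - changed) / 86400000);
}

const onExecutePostLogin = async (event, api) => {
  // Only database connections hold a password that Auth0 can rotate.
  if (event.connection.strategy !== 'auth0') return;
  const age = passwordAgeDays(event.user);
  if (age === null || age <= MAX_AGE_DAYS) return; // unknown age: no prompt

  // Signed, short-lived token so the notice page can trust the reason it shows.
  const token = api.redirect.encodeToken({
    secret: event.secrets.NOTICE_SECRET, // assumed Action secret
    expiresInSeconds: 300,
    payload: { reason: 'password_expired', age_days: age },
  });
  // Auth0 appends ?state=...; the page sends it back to /continue when done.
  api.redirect.sendUserTo(NOTICE_URL, { query: { session_token: token } });
};

const onContinuePostLogin = async (event, api) => {
  // Deny a /continue call that carries no valid token from the notice page.
  try {
    api.redirect.validateToken({
      secret: event.secrets.NOTICE_SECRET,
      tokenParameterName: 'session_token',
    });
  } catch (err) {
    api.access.deny('Password change required');
  }
};

// Export for the Actions runtime (CommonJS).
if (typeof module !== 'undefined') {
  module.exports = { onExecutePostLogin, onContinuePostLogin };
}
```

The notice page has to return a token signed with the same secret, in the `session_token` parameter, when it sends the user to `/continue`; otherwise the login is denied.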
