Is it possible to force the user to change his password after first login? I’m using a bulk user import job and each user has a custom hashed password section filled. However, I need the user to change the pass after login. I import ~500 users, so I don’t want to create 500 ‘password change’ requests, especially because there is no way to do that for several users in a row. Please correct me if I’m wrong.
After searching I found this article: Bulk User Imports and this particular pre-request:
If you are importing passwords, make sure the passwords are hashed using one of the supported algorithms. Users with passwords hashed by unsupported algorithms will need to reset their password when they log in for the first time after the bulk import.
I tried to use an unsupported hash algorithm, but in that case users weren’t imported at all. Is this way still relevant? If so, how should I modify my user object so Auth0 understands an unsupported algorithm, imports a user and forces him to change the pass?
Sorry, formatting issue. It should be:
…and this particular pre-request: If you are importing passwords, make sure the passwords are hashed using one of the supported algorithms. Users with passwords hashed by unsupported algorithms will need to reset their password when they log in for the first time after the bulk import.
@dan.woda I tried to willingly create an invalid hash for the examples listed here: Bulk User Import Database Schema and Examples. For some algorithms, like bcrypt, an incorrect hash will not even import the new user; and for some others, like md4, I couldn’t create an incorrect hash.
Do you happen to know which incorrect hash (if possible please with an example, including which algorithm and which hash value), will:
Thanks… unfortunately for me that results in a message ‘Wrong password’ when I try to log in for that user and does not result in this ‘Password needs to be updated because of first time login’ message. Are you sure it is an incorrect hash?