Problem statement
An attempt to login using a Google social connection results in a redirect to Google’s changePassword page, forcing users to change their password.
Troubleshooting
Create a HAR file that captures the login flow, including the point at which a user is prompted to change their password. For further information, refer to Generate and Analyze HAR Files.
Cause
Auth0 does not control the password change requests from Google, and Auth0 cannot force users to change the password in their Identity Provider.
Solution
- Review the login flow that is captured within the HAR file.
- Review the Google password change policy. For further information, refer to Enforce and monitor password requirements for users. Since the issue affected all users on the same day:
- Verify if the Expiration setting is configured in the Google Cloud Console.
- Check whether any other Google password management settings were updated recently.