Is it possible using Identity server 6.1.0 to force the user to change his password on first login ?
I did not find anything in the documentation, but in this case should we use reset password feature to simulate this scenario?
POST_AUTHENTICATION
event (https://is.docs.wso2.com/en/latest/references/extend/user-mgt/write-a-custom-event-handler/#write-an-event-handler). That event handler should update the custom claim you introduced in step 1, when a user authenticates successfully.curl --location --request PATCH 'https://localhost:9443/scim2/Me' \
--header 'Authorization: Beaer <token obtained by authenticated user>' \
--header 'Content-Type: application/json' \
--data-raw '{
"Operations": [
{
"op": "replace",
"value": {
"password": "newpassword"
}
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}'
Further, you might need to maintain a claim to update whether user reset the password succesfully from first login. Otherwise, user could be able to by pass the pssword reset