It would be very useful to have the ability to force a user to reset their password.
While this is a generally useful feature, this is particularly important if the password has been compromised in some way.
It would be very useful to have the ability to force a user to reset their password.
While this is a generally useful feature, this is particularly important if the password has been compromised in some way.
While this is a valid feature request that can be upvoted by other users so we gather the interest, you can do it yourself somehow. That's the "beauty" of using something you have full control, like TMS Sphinx, compared to cloud-based solutions like Auth0 and similar.
You can simply check if the user password is compromised, for example:
if IsPasswordCompromised(User.PasswordHash.AsUnicodeString) then
// user cannot proceed
And do all by yourself. The code above can be in the OnConfigureToken
event, for example, and then you flag the user as "on hold" until he changes the password. Simply refuse the user in your application and warn him he has to change the password using the "forgot password" feature.