I want to write a App that force a user to change his password, when the admin changes the password or create the user new. The hooks for creating/removing users and changing password is done, but now I have the problem how to intercept after a login and redirect if needed to a page, where the user must change his password. It should work like the login-page if you are not logged in.
I see 2 concepts that I can use:
- A Two-Factor-Provider, but in my opinion it is a misuse of the concept.
- A Middleware, but I do not get it to use my Middleware for all requests (global).
- Is a Middleware the right way, or is it only for the requests of the app?
- Are there other possibilities to intercept all requests to force the user after login to change his password?