Force Change Password

Hi,

I want to write a App that force a user to change his password, when the admin changes the password or create the user new. The hooks for creating/removing users and changing password is done, but now I have the problem how to intercept after a login and redirect if needed to a page, where the user must change his password. It should work like the login-page if you are not logged in.

I see 2 concepts that I can use:

  1. A Two-Factor-Provider, but in my opinion it is a misuse of the concept.
  2. A Middleware, but I do not get it to use my Middleware for all requests (global).

My Querstions:

  • Is a Middleware the right way, or is it only for the requests of the app?
  • Are there other possibilities to intercept all requests to force the user after login to change his password?