We are facing an issue in Pega 8.3 and Pega 24 that occurs only on Pega Mobile.
Scenario:
User logs in to Pega Mobile for the first time and successfully changes the password.
User changes the password again successfully.
When the user logs in to Pega Mobile again, the system still asks the user to change the password, even though the password was already changed.
This issue does not happen on web login.
We have also verified that pyChangePassword and pyChangePasswordOnNextLogin on Data-Admin-Operator-ID are set to false.
Question:
How can we prevent Pega Mobile from prompting the user to change the password again after it has already been changed successfully?
Update your Pega Mobile change-password flow so it always performs a full sign-out after the password is saved. Right after the password change succeeds, call getAuthUtils().revokeTokens() to revoke the stored access and refresh tokens, then immediately log the user out (terminate the requestor/session). This forces the next mobile login to start a brand-new authentication session instead of reusing a stale token state that can keep triggering the password-change screen. Once this is in place, the mobile app should land back on the login screen after the change, and the next login should go straight into the app without prompting for another password change.
My 2 cents: create a support INC ticket to identify the root cause. This seems to be very specific to your use case, because the SMEs will have a detailed review of the Auth profile and timeouts configured to understand the root cause of this issue.