Is there an easy way to create a page to change a password maybe by generating a token using a user’s original password and then injecting that into a reset pwd action? It seems a little too much like a workaround to force users to click forgot password and check their email if they just want to change their password.
This can be done but the gist is that you will have to do a few things to bypass security.
This diagram shows the basic idea:
Essentially bf only presents the token needed to change a person via the onAuthenticationNotifier script. So you will have to intercept it there and pass it back to the front end.
But, since that script does not return data to the front, you will need to pass it back via fms in a temp field.
It looks more complicated that it is here.