When attempting to obtain an access token for a custom application using Server Authentication (JWT Auth, Client Credentials Grant, App Token Auth), the following error message is returned:
{"error":"password_reset_required","error_description":"User needs to reset password"}
Environment
Any application using Server Authentication in a non-SSO required enterprise with enforced password resets (of Box passwords).
Steps To Resolve
Check if the Primary Admin account for your organization requires a password reset. If so, log in and reset the password.
Root Cause
If the Primary Admin in a password reset required state then any service accounts for applications will also return that same error message.
platform_swarm_kb