When attempting to obtain an access token for a custom application using Server Authentication (JWT, Client Credentials Grant, App Token), the following error message is returned:
{"error":"password_reset_required","error_description":"User needs to reset password"}
Environment
Any application using Server Authentication in a non-SSO required enterprise with enforced password resets (of Box passwords).
Steps To Resolve
Check if the primary admin user on Box requires a password reset. If so, log in and reset the password.
Root Cause
If the primary administrator is in a password reset required state, then any service accounts for applications will also return that same error message.
platform_swarm_kb