--- a/mod_client_management/mod_client_management.lua	Wed Apr 05 19:42:16 2023 +0100
+++ b/mod_client_management/mod_client_management.lua	Wed Apr 05 19:45:13 2023 +0100
@@ -294,6 +294,9 @@
 				local ok = tokenauth.revoke_grant(username, status.grant.id);
 				if not ok then return nil, "internal-server-error"; end
 			end
+			if status.password then
+				return nil, "password-reset-required";
+			end
 			return true;
 		elseif c_type == "grant" then
 			local grant = tokenauth.get_grant_info(username, c_id);