@fraxedas:For the time being the MSAL library will need to redirect out to the system webviews to perform the sign in. And it is going to be going out of preview soon - I don't have an exact date, but they are getting close.
@Arot:Yeah - you're going to have to create a reset password policy. On the sign in, if the user hits "forgot password", there will be an MSALServiceException that gets thrown. the constant you'll have to check for in the ErrorCode property is "access_denied".
If you see that - then you know to invoke the change password policy immediately.
@MMcCarty: Thanks Mike! You cannot do that today with the MSAL library. It's in the OAuth spec that the sign-in/up should be done through system web views. This way your app doesn't ever get a hold of the user's credentials... keeps the user's secrets safe & your app doesn't take on that responsibility either, let the OS handle it.