Are you unable to use the /auth authorization endpoint in your use case?
I believe you would have to use the newly generated password right after it’s created. If you don’t have access to it in any way, the best option would be to prompt the user for it, as that’s how I believe the endpoint is meant to be used.
