The Password Policy module is a popular security module which allows site admins to define password policies on a site.
One such policy is the ability to force the user to change their password every so often. When this policy is enforced users are forced to the password change screen once they login and forbidden to travel elsewhere on the site, every click brings them back to the password change screen.
When an admin masquerades as a user whose password has expired they are forced to the password edit screen. The admin is then unable to click the link as doing so brings them back to the users password edit screen.
Password policy module provides hook_password_policy_expire_url_exclude() to allow modules to define paths which should not force a redirection.
Given the popularity of the password policy module I suggest that it is OK for masquerade to support it and implement this hook.
This is cloned from the 7.x-dev Issue, the same problem exists in Drupal 8/9 with the 8.x version. I had a quick look into the patch and the 8.x code, it seems that this was not ported to D8. I'm not sure whether the solution will be the same, but I'll check this out.
Closed: outdated
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I'm going to mark as NR. Someone should check if the Password Policy module update fixed their issues.
There's no patch for the module so nothing to review, please move the issue to password policy module
Since that module already has an issue for supporting Masquerade, I think this can be closed.