Ok thanks, how we do it at the moment actually is with a sql trigger function on insert to the emailpassword_pswd_reset_tokens table. That enables us to have different validity periods for tokens before and after first login.