Try this one:
https://<domain>/auth/realms/<realm>/protocol/openid-connect/auth?client_id=<client>&redirect_uri=<client_redirect_uri>&response_type=code&scope=openid&kc_action=UPDATE_PASSWORD
This should initiate an update password flow. If the user is not yet authenticated, the login screen will occur first, then the update password screen comes and afterwards the user should be redirected to your client app.