We have an invite only scenario and a use of organizations. For now I implemented the suggested invite-only flow:
- Create User via Management API with random password
- Add to organization
- Send password reset link via Authentication API
- Customized change password email template (check via user.app_metadata if it is an invite)
It would be a perfect addition if we could somehow enable social logins. Currently, if enabled, a user could click “login via google” in the universal login screen. Then I get an error via the callback url that the user does not belong to an organization which is correct. How can we work around this? Would it be feasible to display an error in this case and give the user, when logged in with a standard account, the ability to link the current account to a social account? I read the docs about account linking, however they only talk about “existing” social accounts. In my case the user would click on something like “link account with google”, gets redirected to google, logs into account, gets redirected back and the account is automatically linked.
Is this a good idea? If so, could you give me any starting points or examples. We use angular for the frontend and spring boot for the api.