Hi, is it possible to register a new user via the management API and require the user to set a password when verifying their email address?
I am currently working on an invite-only web app, and the only flow I have got working is this:
- create user via management API, with a random password which is not recorded
- user receives verification email
- user verifies their account and is forwarded to the web app
- web app instructs the user to return to auth0 and click “forgot password”
There seems to be a complicated alternative involving custom email senders and the forgot password template (Send Email Invitations for Application Signup), but I feel like I must be missing something in the docs/API as the desired workflow seems so common.
Have I missed something, or is the desired workflow unsupported out-of-the-box?
Welcome to the Auth0 Community!
I understand that you are trying to allow your users to set a password on their first login.
In your current approach, it is possible to create a user using the Management API and have them verify their email and be redirected to your web app that instructs them to click on the Forgot Password.
However, the part where you have to instruct them to click on the forgot password to “set a password” for the first time, may seem confusing or misleading.
Instead, I recommend following the doc you shared to Send Email Invitations for Application Signup. This way, you can repurpose the Forgot Password template as an Email Invitation to allow users to set their password for the first time.
I hope this helps!
If you have any further questions or need help with implementation, please feel free to reach out!
Thanks, Reuben. I’ve now switched to another auth provider, but will keep this in mind in the future.