Automatic login after creating Auth0 user

Has anyone figured out how to automatically log a user in after creating them using the Auth0 Management API?

During the onboarding process of our product, I create a user using the Auth0 Management API (https://auth0.com/docs/api/management/v2#!/Users/post_users) and then I would like to automatically log them in so they could start using our product without the friction of doing the login process again. But how to do this?

After the user creation, I’d somehow need to generate a JWT access token for that user but I can’t seem to find the right Auth0 API calls to do this. Could someone point me in the right direction?

It seems this has been asked already in the past in these posts:


So hopefully this isn’t utterly impossible.

Hello @MarkusK,

I’m not sure this is quite what you are looking for, but maybe you can use passwordless authentication, sending the user a magic link: https://auth0.com/docs/connections/passwordless/regular-web-app-email-link

Sorry for being inexact here @markd 🙂 I’ll try to elaborate a bit.

We have two use cases:

  1. A new user comes to the site and signs up. During the sign up, we create a user profile in our system and Auth0. When the user completes the sign up (=== onboarding), we want to automatically log the user in. So they could start using the site straight away without doing anything else.

  2. An existing user who wants to log in. This is a really simple case and we’re actually using Passwordless for this 🙂

The use case 1) is the one I haven’t been able to figure out. During the sign up, we create the Auth0 user via the Auth0 Management API (https://auth0.com/docs/api/management/v2#!/Users/post_users) but the end-point doesn’t seem to have any options for getting an access token for the freshly created user. So I’m looking for help with this: how do I automatically log that freshly created user in using the Auth0 API (so that I’d get a JWT access token to be used with our authenticated API)?

Hi @MarkusK,

No worries, and thanks for the clarification! I’m assuming you are using your own login / signup page? I know Universal Login will automatically log a user in after registration unless explicitly disabled. There does seem to be a ‘signup and login’ option in Auth0.js as well, though I’m not super familiar with it:

https://auth0.github.io/auth0.js/global.html#signupAndLogin

If you are calling the Mgmt API yourself, perhaps the code behind the various ‘signup + login’ options in Auth0.js may be instructive.

@MarkusK Did you accomplish what you wanted? If so, what worked?

I am also looking for a solution for a similar use case.

In my case I am doing a custom signup in the app through the /dbconnections/signup endpoint and I find no way of logging in the user after successfully signing up.

Is there a way to do so or am I forced to redirect the user to the login flow?

Cheers

Since you sign up the user via API, you have the password at that point, right (which you don’t need to persist anywhere, just keep it until the callback of the signup)? Can’t you then just use the https://auth0.com/docs/api/authentication#get-token > Resource Owner Password grant?

1 Like
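The suggestion above (hold the password only for the duration of the signup call, then request tokens with the Resource Owner Password grant), sketched as an added example that is not part of the original thread and is not Auth0's own code. It assumes a backend where the client secret can be kept, an application with the Password grant type enabled, and hypothetical names (`cfg` fields, `signupRequest`, `tokenRequest`, `signupAndLogin`); the tenant domain and connection are placeholders.

```javascript
// Added example. Function names and cfg fields are hypothetical, not an Auth0 SDK API.
// Intended for a backend: the client secret must never be shipped to a browser.

function signupRequest(cfg, email, password) {
  // POST /dbconnections/signup creates the user in the database connection.
  return {
    url: `https://${cfg.domain}/dbconnections/signup`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ client_id: cfg.clientId, email, password, connection: cfg.connection }),
    },
  };
}

function tokenRequest(cfg, email, password) {
  // Resource Owner Password grant; "realm" pins it to the connection just signed up to.
  const form = new URLSearchParams({
    grant_type: 'http://auth0.com/oauth/grant-type/password-realm',
    realm: cfg.connection,
    username: email,
    password,
    audience: cfg.audience,
    scope: 'openid profile email',
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
  });
  return {
    url: `https://${cfg.domain}/oauth/token`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: form.toString(),
    },
  };
}

// The password lives only in this call's arguments; it is not stored or logged.
async function signupAndLogin(cfg, email, password, fetchImpl = fetch) {
  const s = signupRequest(cfg, email, password);
  const signupRes = await fetchImpl(s.url, s.init);
  if (!signupRes.ok) throw new Error(`signup failed: ${signupRes.status}`);
  const t = tokenRequest(cfg, email, password);
  const tokenRes = await fetchImpl(t.url, t.init);
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token, id_token, expires_in } = await tokenRes.json();
  return { access_token, id_token, expires_in };
}
```

Error messages carry only the HTTP status, so a failed signup does not echo the submitted credentials into logs.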

Thanks for the fast reply @mathiasconradt!

I was doing a login & signup process from the client-side but it may make more sense to use the backend as proxy with Auth0.

Cheers

I was able to get an access_token and id_token using what you mentioned, but I can’t figure out how to trigger the auto-login using those parameters? Would I send them to the /authorize URL somehow?

@jordan2 I am solving the absolute same problem right now and I am gonna test what @mathiasconradt just said.

I have the user’s password at the moment of signup so I am gonna get a token for him and 302 to myapp/authorize?code

Not sure what you understand by “auto-login” or “login” in general. If you have an access token (and ID token), then that’s an authenticated user at that point, nothing more to do. No more login action to do at that point.

No need for that. You have the token, that’s all. Not clear what else you’d need or why.

Let me clarify that: I am working with a Single Page Application as described in your tutorial.

The point is what to do with the token. I have to tell the auth0-spa-js - “Hey, we omitted the standard process of sign-in, this is the token you should use for now”

Something like this.auth.useThisToken(token)

I can store this token in memory, modify your Interceptor and inject the token into the HTTP header from memory. This will work. But AuthGuard will not recognize this token:

    return this.auth.isAuthenticated$.pipe(
      tap(loggedIn => {
        if (!loggedIn) {
          this.auth.login(state.url);
        }
      })
    );

Auth0 for SPA works pretty well out of the box and I do not want to rewrite it just for a single purpose of “auto-login” after signup.

Thanks