Automatic login after creating Auth0 user

The approach you mentioned will not work because the Management API V2 does not allow setting a password for users with the “email” (passwordless) connection

Therefore use a Passwordless Connection & Account Linking (with a regular database connection account). For the database connection account, you can set a password. You link it with a passwordless account based on email address.

1 Like

@mathiasconradt awesome, that’s an interesting suggestion, thanks for that.

So we’ll create a separate database connection for our “implicit signup”.

However, we’ll have to run a webhook of sorts on our backend every time a user successfully authenticates using the Passwordless OTP flow. Is that possible? Our backend will then use the Management V2 API to link the previous (unverified) users from the database connection.

You can either do the account linking right from the start (when you create the user in the first place, create two accounts for him and link them already), or inside a Rule. Within a Rule, the context tells you when it’s the first login of a user or whether he’s coming from a passwordless connection. So it doesn’t necessarily need to be done from your backend, can be handled inside a Rule as well.
(In this whole scenario, of course there are a few security considerations to deal with.)

1 Like

Makes sense. We’ll try creating both at once and come back to you.

We understand the security implications, please bear in mind that this auth flow will only be possible if the email has never been used before. You cannot use it to “backdoor” into other user’s account.

1 Like

@mathiasconradt I’m not sure if the conversation you had with tom addresses this, but here is our desired user onboarding flow:

  1. On our site, the admin invites specific emails to be onboarded. Our system sends custom invitation links to those emails.
  2. Users click on the link in their email & come to our onboarding page
  3. The user fills out their information (name/password/etc) and clicks submit
  4. Our system validates that the user came from a valid onboarding link
  5. An Auth0 account is created for the user
  6. We generate an access_token on our server for the newly created user
  7. We send the access_token to the client & they can begin using the site as the user that was just created

So far, we are able to accomplish everything except step 7. We’re using the Auth0 React library and as far as I can tell, there’s no easy to provide the acess_token generated in step 6 to the Auth0 React library. So the Auth0 library will say that the user is not authenticated & the user will be directed to our universal login page.

Is there a way to “seed” the Auth0 React library with an access_token, so the user is not forced to immediately login?

1 Like

Have you found any resolution to auto-login ever since? We’ve been looking high, low, far and wide but never really gotten anywhere :frowning:

Hope to hear from you or any of the community members/experts.