Automatically logging user in after they set their password

smockr · October 11, 2020, 2:27am

Hi,

I haven’t been able to find any documentation on this, but does anyone know whether it is possible to automatically log a user in once they have set (changed for the first time) their password?

We have an invite-only application that has only username/password login for users.
The sequence of steps we are currently taking is;

Create new user from invited email.
Created a change password ticket with a redirect uri that takes them back to our app.
Email the invited user with the url for the change password ticket.

I was hoping that when they set their password and get directed back to the app there would be some way to have them already authenticated rather than entering their credentials again.

The only topic I have been able to find on this is here.

But that topic is quite old (so I didn’t want to necro it) and when I tried the steps described their to alter the redirect url to contain access token info it didn’t result in the user being logged in either. Not sure if there is some critical step I am missing.

Does anyone have any insight into whether/how to do this? I am happy to except answers of “you can’t” or “you don’t want to because X” - just need to understand what is achievable via Auth0.

Thanks for any advice anyone can give.

dan.woda · October 13, 2020, 9:46pm

Hi @smockr,

Welcome to the Community!

At the moment, this is the suggested flow for invite only apps. It is even listed like this in our documentation:

This would be great feedback for our product team. If you have a moment, please submit a feedback ticket with the feedback.

We appreciate it!

smockr · October 15, 2020, 8:37pm

Just to close the loop on this in case anyone else stumbles on it with the same questions I had.
I also had a support ticket in with Auth0 and got a reply a little while ago which recommended using the Resource Owner Password Flow
- as creating a session requires the user to explicitly log in, which a reset password ticket (at least currently) is not doing.

So you can achieve this, but it would take a commitment to implementing more of the authentication flows yourself.

dan.woda · October 15, 2020, 8:39pm

Thanks for the update @smockr

system · October 30, 2020, 8:39pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Redirect user to password change right after first login Help rules , login	4	6093	June 17, 2021
Can a user automatically authenticate after password reset? Help password-reset , invitations	2	2266	November 3, 2022
Auto login after reset password Help password-reset , reset-password	12	12580	October 9, 2023
I want to add extra feature due the topic discussed on the link below Help management-api , users	2	868	October 15, 2024
Ability to generate password reset URL? Help password-reset , password , invite-only	3	8531	March 2, 2018

Automatically logging user in after they set their password

Related Topics