Automatically logging user in after they set their password


I haven’t been able to find any documentation on this, but does anyone know whether it is possible to automatically log a user in once they have set (changed for the first time) their password?

We have an invite-only application that has only username/password login for users.
The sequence of steps we are currently taking is:

  • Create new user from invited email.
  • Create a change password ticket with a redirect URI that takes them back to our app.
  • Email the invited user with the URL for the change password ticket.

I was hoping that when they set their password and get directed back to the app there would be some way to have them already authenticated rather than entering their credentials again.

The only topic I have been able to find on this is here.

But that topic is quite old (so I didn’t want to necro it) and when I tried the steps described there to alter the redirect URL to contain access token info it didn’t result in the user being logged in either. Not sure if there is some critical step I am missing.

Does anyone have any insight into whether/how to do this? I am happy to accept answers of “you can’t” or “you don’t want to because X” - just need to understand what is achievable via Auth0.

Thanks for any advice anyone can give.
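The invite sequence listed in the question, sketched as an added example (not code from the original post or from Auth0). It assumes the Management API v2 endpoints `/api/v2/users` and `/api/v2/tickets/password-change`; the `post` transport, connection name, URLs and IDs are hypothetical or constructed.

```python
import secrets
import string

CONNECTION = "Username-Password-Authentication"  # assumed database connection name

def random_password(length=32):
    """Throwaway initial password: never disclosed, replaced through the ticket."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw

def invite_user(post, email, result_url, ttl_sec=86400):
    """post(path, body) -> dict is a hypothetical transport that sends an
    authenticated POST to the tenant's Management API and returns the JSON reply."""
    if not result_url.startswith("https://"):
        raise ValueError("result_url must be an https URL")
    user = post("/api/v2/users", {
        "email": email,
        "connection": CONNECTION,
        "password": random_password(),
        "email_verified": False,
        "verify_email": False,  # the invite mail replaces the verification mail
    })
    ticket = post("/api/v2/tickets/password-change", {
        "user_id": user["user_id"],
        "result_url": result_url,        # where the user lands after setting a password
        "ttl_sec": ttl_sec,              # keep the emailed link short-lived
        "mark_email_as_verified": True,  # using the link proves control of the mailbox
    })
    return ticket["ticket"]  # URL to put in the invitation email

def make_fake_post():
    """Constructed stand-in for the Management API so the flow runs offline."""
    calls = []
    def post(path, body):
        calls.append((path, body))
        if path == "/api/v2/users":
            return {"user_id": "auth0|constructed-123", "email": body["email"]}
        return {"ticket": "https://tenant.example/lo/reset?ticket=CONSTRUCTED"}
    return post, calls
```

The ticket only changes the password: the user arrives at `result_url` without a session, so the app still has to start a normal login from there.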

Hi @smockr,

Welcome to the Community!

At the moment, this is the suggested flow for invite only apps. It is even listed like this in our documentation:

This would be great feedback for our product team. If you have a moment, please submit a feedback ticket with the feedback.

We appreciate it!

Just to close the loop on this in case anyone else stumbles on it with the same questions I had.
I also had a support ticket in with Auth0 and got a reply a little while ago which recommended using the Resource Owner Password Flow - as creating a session requires the user to explicitly log in, which a reset password ticket (at least currently) is not doing.

So you can achieve this, but it would take a commitment to implementing more of the authentication flows yourself.


Thanks for the update @smockr :smile:
