Bypass login after creating a user by API

Hi,

Scenario:

  1. A user fills our own signup form
  2. The user submits the form by clicking ‘Sign Up’ button
  3. It’s redirected to another page
  4. As the user hasn’t logged in yet, it’s redirected to Auth0

We use auth0-react. Is there any way to bypass step 4? e.g. get a temp token from the API and set this in a React context, etc.?

Hi @m.p

Thank you for contacting Auth0 Community

How are you provisioning a new user from step 2 in Auth0?

Thanks
Jeff

1 Like

By Auth0 Management API in our BE.
Cheers.

Hi @m.p

Unfortunately, this is not possible. To ‘login the user’, Auth0 needs to create a session. The session cookie needs to be set by the authorization server, so it can’t be set from outside the tenant domain.

Also, it is considered an antipattern and security issue as per OWASP:

  • Once they have set their new password, the user should then login through the usual mechanism. Don’t automatically log the user in, as this introduces additional complexity to the authentication and session handling code, and increases the likelihood of introducing vulnerabilities.

Hope it helps

Thanks
Jeff

1 Like
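The flow the answer points to (provision the user through the backend, then send them through the normal Auth0 login) as an added example; it is not code from the thread or from Auth0. It assumes the auth0-react v2 option shape for `loginWithRedirect` (`authorizationParams.login_hint`, `appState.returnTo`); the `/api/signup` route and the helper names are hypothetical.

```javascript
// Added example: hand a freshly provisioned user to the normal Auth0 login.
// Assumptions: auth0-react v2 option names; "/api/signup" is a hypothetical
// backend route that calls the Management API server-side.

// Accept only same-origin relative paths as the post-login destination, so a
// crafted returnTo value cannot turn the login round trip into an open redirect.
function safeReturnTo(path) {
  const ok = typeof path === "string" && /^\/(?![\/\\])/.test(path);
  return ok ? path : "/";
}

// Options for loginWithRedirect: the email goes along as login_hint so the
// login page can prefill it, and returnTo restores the page after the callback.
function buildLoginOptions(email, returnTo) {
  return {
    appState: { returnTo: safeReturnTo(returnTo) },
    authorizationParams: { login_hint: email },
  };
}

// postSignup and loginWithRedirect are injected so the handler runs without a
// browser; in the app, loginWithRedirect comes from useAuth0().
function createSignupHandler({ postSignup, loginWithRedirect }) {
  return async function onSignUp(form, returnTo) {
    const res = await postSignup("/api/signup", {
      email: form.email,
      password: form.password,
    });
    if (!res.ok) {
      // Signup failed: stay on the form, do not start a login.
      return { redirected: false, status: res.status };
    }
    // No token is minted or stored client-side; the authorization server
    // creates the session and sets its own cookie during the redirect.
    await loginWithRedirect(buildLoginOptions(form.email, returnTo));
    return { redirected: true, status: res.status };
  };
}
```

The password the user just chose is still entered once on the Auth0 login page; only the email is carried over.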