I was wondering if it is possible to:
- Create a new user without username and password (at first)
I would supply just and email address and a phone number (and whatever else is required other than username and password) via API call.
- After the user exists, have them be redirected to authenticate via MFA (either email or SMS) with Auth0
- After MFA success they would be required to pick a username and password for their new account with Auth0 before they can access one of my applications
I am looking at securing my SPA with REST API. My challenge is that I need to validate the user in another system before I can have them create a user. I also want MFA to be part of the process and for that to be handled completely by Auth0. I see a challenge in the delayed username password setup. It seems that if I don’t require username password to begin with, I cannot add those credentials later for a user that was created with email and phone number.
Thanks for any insight you can provide.