Converting email/SMS user to username & password with MFA


I was wondering if it is possible to:

  1. Create a new user without username and password (at first)
    I would supply just and email address and a phone number (and whatever else is required other than username and password) via API call.
  2. After the user exists, have them be redirected to authenticate via MFA (either email or SMS) with Auth0
  3. After MFA success they would be required to pick a username and password for their new account with Auth0 before they can access one of my applications

I am looking at securing my SPA with REST API. My challenge is that I need to validate the user in another system before I can have them create a user. I also want MFA to be part of the process and for that to be handled completely by Auth0. I see a challenge in the delayed username password setup. It seems that if I don’t require username password to begin with, I cannot add those credentials later for a user that was created with email and phone number.

Thanks for any insight you can provide.

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?