Create passwordless user via Management API in Machine-to-Machine app

I’d like to create new passwordless users only in a backend system, and I’ve got this all setup with a Machine-to-Machine application that is authorized to use the Management API. The problem is that when I create the user, they get a link to login that doesn’t work, and has the name of my backend app in the email. I haven’t gotten around to customizing the email templates yet, but this workflow doesn’t seem correct to me because I would prefer for them not to get an email at all.

I’ve already tried passing the param "verify_email": false in the POST call to /users and yet the email sent anyway. How can I disable this email when creating a new user, or am I thinking about this workflow entirely wrong?

Hi @eric.luce,

Thanks for reaching out to the Auth0 Community!

In this scenario, you will want to create the user with "verify_email": true to avoid sending a Verification Email to the user.

Alternatively, you can disable the Verification Email template on your Auth0 Dashboard > Branding > Email Templates.

Doing so will also prevent the Verification Email from being sent.

Please let me know if you have any further questions.

Thank you.

So I actually tried it both ways, and tried disabling the email template also as you suggested, but it’s still the same result.

If I set the "email_verified" key to true, it does prevent the email from sending, but this also marks the user’s email as “verified” instead of just not sending the email and leaving their account unverified, so I’m not sure if this is exactly what I was looking for, but it may still work in my case (since I’m using passwordless email login anyway).

Hi @eric.luce,

Thank you for your response.

In this case, you should choose the second option of disabling the Verification Email Template. This will leave the user’s email unverified and will not automatically send any verification email when creating the user.

image1570×1190 135 KB

I have just tested this myself and can confirm that a newly created/registered user does not get the verification email.

Please let me know how this goes for you.

Thanks.

Thanks for the clarification. Yes, I’ve turned this off, but I’m still getting an email. However, the email looks more like a passwordless sign in email, not a verification email.

CleanShot 2022-01-19 at 10.12.51@2x1274×1616 160 KB

And this is why I was saying this seems wrong, because it’s offering to log me into the backend Machine-to-Machine app, which they should never login to

Is there a different template that I should be disabling?

Hi @eric.luce,

Thank you for your response.

To clarify, that is the Welcome Email template you shared.

Now from looking at the link, the issue appears to be with a missing redirect_uri parameter. You will need to check your application with the client_id in that email and check that the Allowed Callback URLs have been configured.

Once you have done so, the link will not break when you attempt to use it to sign in.

Please take a look at the Passwordless Email configuration doc on how to modify the passwordless email template.

Lastly, I would like to emphasize that this email is expected and should offer the user a way to authenticate and redirect the appropriate page.

Thanks!

Ok great, so I have been able to customize the email and configure the callback URL, but then I’m running into the same issue that is still unresolved in this other thread.

Hi @eric.luce,

Thank you for your update.

I’m glad things are working correctly now!

Please allow some time to follow up on the topic and reply in the other thread you shared.

Thanks!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.