I’d like to create new passwordless users only in a backend system, and I’ve got this all setup with a Machine-to-Machine application that is authorized to use the Management API. The problem is that when I create the user, they get a link to login that doesn’t work, and has the name of my backend app in the email. I haven’t gotten around to customizing the email templates yet, but this workflow doesn’t seem correct to me because I would prefer for them not to get an email at all.
I’ve already tried passing the param "verify_email": false in the POST call to /users and yet the email sent anyway. How can I disable this email when creating a new user, or am I thinking about this workflow entirely wrong?
So I actually tried it both ways, and tried disabling the email template also as you suggested, but it’s still the same result.
If I set the "email_verified" key to true, it does prevent the email from sending, but this also marks the user’s email as “verified” instead of just not sending the email and leaving their account unverified, so I’m not sure if this is exactly what I was looking for, but it may still work in my case (since I’m using passwordless email login anyway).
In this case, you should choose the second option of disabling the Verification Email Template. This will leave the user’s email unverified and will not automatically send any verification email when creating the user.
Thanks for the clarification. Yes, I’ve turned this off, but I’m still getting an email. However, the email looks more like a passwordless sign in email, not a verification email.
And this is why I was saying this seems wrong, because it’s offering to log me into the backend Machine-to-Machine app, which they should never login to
Is there a different template that I should be disabling?
To clarify, that is the Welcome Email template you shared.
Now from looking at the link, the issue appears to be with a missing redirect_uri parameter. You will need to check your application with the client_id in that email and check that the Allowed Callback URLs have been configured.
Once you have done so, the link will not break when you attempt to use it to sign in.
Ok great, so I have been able to customize the email and configure the callback URL, but then I’m running into the same issue that is still unresolved in this other thread.