Hello! First time poster, so I might have the tags and categories mixed up. Regardless, any help would be greatly appreciated.
Here’s the situation:
We have a custom sign up page, and I have already configured our application with the Auth0 library (auth0) so that when a user signs up using our page, we create a client, and send a verification email to them. I have done my research and know now that it is essentially impossible to have a user logged in when they verify their email this way and it is only possible when using the Auth0 Sign Up widget (bc of cookies/sessions).
This led me down the rabbit hole of trying to figure out if there is a way to mimic what the widget does (set up cookies/sessions the way the widget does) so that when a user verifies their email via the ManagementClient, they can still get logged in when landing on the app.
The reason I am doing this is because our custom sign up page will not be requiring a password. We want the user to verify their email before they make a password. And before you ask why don’t I just send them a change password email with customized wording, the reason I opted to build the change password page on the app is because I wanted to add additional fields at the same time they are “setting” their password. And also the classic UI is not a good fit for our theme.
I have several theories but can’t find the documentation to implement them:
- Is there a way to mimic what the signup widget does with the auth0 library?
- Is there a way to set cookies/sessions so that when a user verifies their email they are logged in right away?
- Is there a way to set a session via password grant or something else when I create the user so that they are essentially “logged in” but still locked out of the app until they verify their email?
Any and all help is welcome. Thank you.