Creating a user in our app and logging the user in to Auth0 automatically

Hi everyone!

We would like to use Auth0 with our multi-tenant SaaS product. Each of our tenants will be an Auth0 Organization.

We have created a custom database connection linking to our own database. This is where our current users are.

We have managed to have users from Tenant X log in using the Universal Login Page for Auth0 Organization X:

However, we have not been able to activate the Signup link for an Organization:

After some research, it seems that this is not supported by Auth0.

The workaround we are investigating is the following:

1- We will manage the user registration

2- Once the user is registered, we will create a user in Auth0 using the Auth0 Management API

But then, we don’t want the user to have to log in to Auth0 after filling out the registration form.

Is there a way we could create a session for this user on Auth0 via the API, so that the user does not have to log in again after having registered?

Thanks for your help!

Hi @malanciault,

That’s correct. When users sign up on your application, they are automatically logged in. This is by design and unfortunately cannot be avoided.

As a workaround, you can create a custom user registration page where you call the Authentication API’s Signup endpoint. This will create the user but not automatically log in. Using the Authentication API avoids an additional call for getting an access token to call the Management API.

If you need to perform additional Management API calls, it could be worth going that route with the Management API’s Create a user endpoint.

Let me know if you have any questions.

Thanks,
Rueben

Thanks for the answer, Rueben. However, maybe I’m reading it wrong, but it’s not exactly what we want to do.

The user will sign up on a custom page on our SaaS. Then, what would be the best way for us to create the user in Auth0 and have the user already logged in to Auth0 without him needing to input email and password again in the Auth0 login form?

Thanks for the help!

Hi @malanciault,

Thanks for the clarification.

It looks like we have a similar question asked in the Community that’s answered in this thread.

Essentially, since you will have the user’s email and password after creating the user, what you need to do is obtain an access token and send it to the client.

Please refer to the thread above and let me know if you have any questions.

Thanks,
Rueben

Thanks Rueben! Highly appreciated. I will give that a try!

OK, so here is what we have so far, but there is still something not working, or, more accurately, that we don’t understand ;).

  • The user signs up on our custom page
  • We store the user in our database
  • Using Auth0 API Management, we create the user with Auth0 Management API v2
  • Using Auth0 API Management, we add user to specific Auth0 Organization with Auth0 Management API v2

Then, on our custom signup page, using the Auth0 JavaScript SDK, we log the user in to Auth0 using auth0.webAuth.login(). It works, BUT the user is presented with this page to authorize the app:

Is there a way to avoid this? What are we missing?

Here is the JavaScript code used:

<script src="https://cdn.auth0.com/js/auth0/9.24.1/auth0.min.js"></script>
<script type="text/javascript">
    // Use a separate variable name so the SDK's global `auth0` namespace is not overwritten.
    var webAuth = new auth0.WebAuth({
        domain:       'xxx',
        clientID:     'xxx',
        organization: 'xxx'
    });

    // Log in with the email and password collected on the signup form.
    webAuth.login(
        {
            realm: 'xxx', // connection name or HRD domain
            email: 'xxx',
            password: 'xxx',
            audience: 'https://xxx.auth0.com/api/v2/',
            scope: '',
            responseType: 'token',
            redirectUri: 'xxx'
        },
        function (err, authResult) {
            // Auth tokens in the result or an error
        }
    );
</script>

Thanks!!
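
The server-side half of the flow listed in the post above (create the user, then add the user to the Organization), as an added example that is not part of the original thread or Auth0's own code. It assumes a Management API token already obtained on the backend; the function names, the `cfg` fields and all sample values are hypothetical, and `fetchImpl` is injectable so the sequence can be exercised offline.

```javascript
// Added example: backend provisioning against Auth0 Management API v2.
// Function names and cfg fields are hypothetical; tenant values are placeholders.
function mgmtRequest(cfg, method, path, body) {
  // The Management API token is a backend secret; it must never reach the browser.
  return {
    method,
    url: `https://${cfg.domain}/api/v2/${path}`,
    headers: {
      authorization: `Bearer ${cfg.mgmtToken}`,
      'content-type': 'application/json',
    },
    body: JSON.stringify(body),
  };
}

// POST /api/v2/users: create the user in the database connection.
function createUserRequest(cfg, user) {
  return mgmtRequest(cfg, 'POST', 'users', {
    connection: cfg.connection,
    email: user.email,
    password: user.password,
  });
}

// POST /api/v2/organizations/{id}/members: attach the new user to the tenant's Organization.
function addMemberRequest(cfg, userId) {
  const org = encodeURIComponent(cfg.organizationId);
  return mgmtRequest(cfg, 'POST', `organizations/${org}/members`, { members: [userId] });
}

async function send(fetchImpl, req) {
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  // Fail closed and report only method, path and status: the request body holds the password.
  if (!res.ok) throw new Error(`${req.method} ${new URL(req.url).pathname} failed: ${res.status}`);
  return res.status === 204 ? null : res.json();
}

// Runs both steps in order and returns the new user's Auth0 user_id.
async function provisionUser(cfg, user, fetchImpl = fetch) {
  const created = await send(fetchImpl, createUserRequest(cfg, user));
  await send(fetchImpl, addMemberRequest(cfg, created.user_id));
  return created.user_id;
}
```

If the second call fails, the user exists in Auth0 without Organization membership, so the caller should retry or clean up before treating signup as complete.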

Hi @malanciault,

Thanks for the update.

Yes, you can skip the consent page only for first-party applications. You can do this by going to your API settings on the dashboard and enabling the Allow Skipping User Consent option.

It’s unfortunately not possible with third-party applications as they are assumed to be untrusted.

See User Consent and Third-Party Applications for more details.

Thanks,
Rueben

And it works!! You are the man :) Thanks!
