After some researching and trying a few things, I encountered a problem with the signup I want to do. We wanted to implement a new signup flow, which consists of 2 steps, with some Clearbit and HubSpot integration (a bit similar to something like the Arengu extension).
And at the moment I'm thinking of not using the Universal Login for signup, but making a signup form completely on its own and customized in the app, and using the Authentication API to register the users.
First of all, is that something that is OK safety-wise? Or less recommended?
And secondly, is there an existing way in Auth0 to do so? (Adding a conditional step after signing up and an "email verification needed" screen.)
In-app signup is called “ROPG” (Resource Owner Password Grant), and it is no longer recommended. There are many reasons why.
You can do it, with Auth0, just search for “Auth0 ROPG”.
Changing from the standard well-studied protocols/login flows has a good chance of introducing vulnerabilities.
I want to leave the login with Auth0 Universal Login, I just want the registration to be in a multi-step form.
Also not gonna ask for a password; the user will register and submit the fields, and then get an email to continue with Auth0.
So currently what I am trying to do is to sign up the user via auth0-js in my own application, to then give him a reset password email.
Is auth0-js recommended for such a thing?
I'm currently developing and see the signup data isn't sent securely.
Yes, this is a pretty standard flow. You will need to disable self-registration for that database in the dashboard, then implement your own flow to gather the info, create the account via the management or auth API, and then send a password reset ticket via email to notify the user.
What do you mean “the signup data isn’t sent securely”?
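
The flow described in the reply above (create the account through the Management API, then issue a password-change ticket), as an added example that is not code from the thread or from Auth0. It runs on your backend only, so the Management API token never reaches the browser; the `post` transport, the option names and the TTL are assumptions.

```javascript
// Added example. Server-side only: `token` is a Management API token and
// must never be shipped to the client. `post(url, headers, body)` is an
// injected transport (assumption) so the flow can be exercised offline.
async function provisionUser(opts, post) {
  const { domain, token, connection, email, metadata, resultUrl } = opts;
  const { randomBytes } = await import('node:crypto');
  const api = `https://${domain}/api/v2`;
  const headers = {
    Authorization: `Bearer ${token}`,
    'Content-Type': 'application/json',
  };

  // 1. Create the account with a throwaway random password that is never
  //    stored, logged or shown. The suffix only satisfies character-class
  //    password policies; the entropy comes from the 32 random bytes.
  const user = await post(`${api}/users`, headers, {
    connection,
    email,
    password: randomBytes(32).toString('base64url') + 'aA1!',
    email_verified: false,
    verify_email: false, // the ticket email below replaces the verification mail
    user_metadata: metadata,
  });

  // 2. Ask for a password-change ticket. Following the link proves control
  //    of the mailbox, so the email is marked verified at that point.
  const { ticket } = await post(`${api}/tickets/password-change`, headers, {
    user_id: user.user_id,
    result_url: resultUrl,
    ttl_sec: 86400, // assumption: link valid for 24 hours
    mark_email_as_verified: true,
  });

  // The caller emails ticketUrl to the user; it is a credential-setting
  // link, so keep it out of logs and analytics.
  return { userId: user.user_id, ticketUrl: ticket };
}

// One possible transport using the global fetch of Node 18+.
async function fetchPost(url, headers, body) {
  const res = await fetch(url, { method: 'POST', headers, body: JSON.stringify(body) });
  if (!res.ok) throw new Error(`Auth0 API ${res.status} for ${new URL(url).pathname}`);
  return res.json();
}
```

With self-registration disabled on the database connection, this backend path is the only way accounts are created, so rate limiting and bot checks belong on the endpoint that calls `provisionUser`.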