Custom user invite flow

Help
,
1

Hi all,

I’m new to Auth0 and currently a bit confused about the custom invite flow. I think I’ve found out what I’m supposed to do, but I’m just posting to confirm. Furthermore, it also seems like the documentation is confusing, and could do with some rework.

Send Email Invitations for Application Signup

Using the above docs, it’s all quite clear, until you hit the “Create email template” section. It correctly explains that you need to send the e-mail with your own provider. But, then it continues by explaining that you should “Customize the password change email template”. This, for one, is where the confusing starts, as it will make you believe that the ticket will be sent by Auth0, using the reset_password template.

After a lot of searching around, I’ve come to the conclusion that there are two ways of actually approaching this:

  1. Send the ticket URL yourself. In this case, why is customizing the e-mail template in Auth0 mentioned in the first place? In theory, one could fetch the e-mail template from the management API, parse it, and send it yourself. But, you won’t have access to the built-in Auth0 variables, and thus making this option kind of obsolete.
  2. Request the change password through the Authentication API. This is the approach most people seem to suggest using. But, this approach also has a few downsides. For one, the subject can’t be dynamically changed when using this endpoint. So now you’re left with a single e-mail subject for both the invite and the reset password mail? Furthermore, you can’t change the behaviour as you can when using the ticket flow. Is the user’s e-mail address going to be verified after using the link? What if I want a custom redirect URL? Or attach the user’s email address to the redirect, etc…

These solutions seem unnecessarily complex, especially considering this is a premium service from a leading identity provider that should offer more straightforward solutions out of the box. The widespread discussion on community forums suggests this is a well-recognized issue that Auth0 should have already identified and prioritized for resolution.

1 Like