We are implementing a custom user sign up where only the admin users can create new accounts, assuming with valid emails. The user will have a random password and is required to change it right after the email is verified.
Create User -> Send email contains link to verify -> User click Verify link -> auth0 verify the email then redirect to new password page (possibly the same page as reset password) -> Enter new Password then confirm.
Is this flow applicable with current auth0 implementations?
Thank you for reply,
But what I need to achieve is different. I need to redirect the user to the reset password page right after he or she verifies the email (by clicking the verify link embedded within the received email), so he or she can reset the password without needing to login for the first times.
First a note: why not instead of sending the email verification link (as Administrator), send them the password reset link (as Administrator) via the authentication API instead right away.
Using that link, as a user, automatically implies that the user was able to receive the email, so the email address can be seen as implicitly verified once the user has changed his password via the password reset link he received in his inbox.
Besides from above: There are no out of the box event listeners / Hooks / Rules for when a user verifies his email address or when a user changes his password. Therefore, using standard hooks or rules in this case wouldn’t work.
You could follow the suggestion as in this thread: Setting an email verification server callback using Webhooks in Auth0
using the mentioned API Webhooks where you would listen to the “Success Change Password” (and “Success Verification Email”, imo not needed) log events. Upon Success Change Password, you could as well then set the email_verified flag to true.