Custom User Signup then Create New Password Flow

I see. In that case:

First a note: why not instead of sending the email verification link (as Administrator), send them the password reset link (as Administrator) via the authentication API instead right away.
Using that link, as a user, automatically implies that the user was able to receive the email, so the email address can be seen as implicitly verified once the user has changed his password via the password reset link he received in his inbox.

Besides from above: There are no out of the box event listeners / Hooks / Rules for when a user verifies his email address or when a user changes his password. Therefore, using standard hooks or rules in this case wouldn’t work.

I therefore only see these two options:

  1. Custom developed signup/login hosted on your end, to which the initially email sent out by your Admin actually leads to, where you verify the user and then let him reset the password - and your site would just call the Auth0 APIs, such as
    Auth0 Management API v2
    Change Users' Passwords

  2. You could follow the suggestion as in this thread:
    Setting an email verification server callback using Webhooks in Auth0
    using the mentioned API Webhooks where you would listen to the “Success Change Password” (and “Success Verification Email”, imo not needed) log events. Upon Success Change Password, you could as well then set the email_verified flag to true.

See docs for API webhooks:

Similar or related threads:

2 Likes