Need suggestions on this scenario.
There are two kinds of users in my application.
First type of user: those who can set their password during signup.
– The user comes to the site and enters their information. I am setting a token (generated at the backend) in user_metadata, which I am appending to the verification_email link.
In the mail I get the same link, which doesn’t verify the email once clicked but redirects to my domain with the token.
There I update Auth0 with email_verified as true and log him in using the token.
Is this the right approach? I didn’t find any other method to log in directly after signup.
Second type of user: those who cannot set their password during signup (they get registered through the API). I need to show a create-password page once the user clicks on the email link.
To make the Auth0 signup API work, I am setting a default password for these users and following the above approach. So after redirection from the email link, I again update email_verified as true, log the user in, and redirect to the reset password page (restricting access to only this page until the email is verified).
Using the above approach I am able to achieve my requirements, but I want to know whether this is the right one or not.
If not, please suggest.
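
Because the token in the email link is what ends up logging the user in, it works as a credential, so the backend check on it should make it random, stored only as a hash, short-lived and usable once. A sketch of that check in Python, added here as an example and not part of the original post: `issue_token`, `redeem_token`, the in-memory store and the 15-minute lifetime are assumptions, and the update of email_verified and the login would run only after `redeem_token` returns True.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; tune to your mail delivery delay

# Hypothetical in-memory store: user_id -> {"digest", "expires_at", "used"}.
# A real backend would keep this in its own database.
_pending = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).digest()


def issue_token(user_id, now=None):
    """Create the token that is appended to the verification link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Only the hash is stored, so a leaked store cannot be replayed as links.
    _pending[user_id] = {
        "digest": _digest(token),
        "expires_at": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    return token


def redeem_token(user_id, token, now=None):
    """Return True once for a valid, unexpired token; False otherwise."""
    now = time.time() if now is None else now
    record = _pending.get(user_id)
    if record is None:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(record["digest"], _digest(token))
    if not matches or record["used"] or now > record["expires_at"]:
        return False
    record["used"] = True  # single use: a forwarded or logged link is dead
    return True
```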