
How can I accomplish this lifecycle?


#1

I have combed through all the documents and cannot figure out how to implement exactly what I need. I need to create a user via an API. The user needs to have email id, password, and last 4 digits of the SSN, and a unique code. The user also needs to have a time to live (like two weeks).

After successful creation of the user account I want to send an email to the user with a link to a login/authentication screen.

When the user clicks on the link, we will present a screen that requires the user to enter email id, password, and last 4 digits of SSN.

If successful, Auth0 needs to forward to a specific URL with the unique id that was stored in the created user.

What is the best way to accomplish this?


#2
  1. When the user is created you have their email address and the last 4 digits of their SSN
  2. Create an Auth0 user with a random password and trigger a password reset email
  3. On successful password change, redirect to the login page and prompt them for SSN verification as a custom MFA service flow

Something with https://auth0.com/docs/design/creating-invite-only-applications & https://auth0.com/docs/multifactor-authentication/custom#use-a-custom-mfa-service

  1. For time to live - You can create a rule like https://github.com/auth0/rules/blob/master/src/rules/check-last-password-reset.js but instead check for user.created_at > 2 weeks and raise an Error
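
The time-to-live check suggested in the reply above, sketched as an added example (not part of the original reply and not Auth0's own code). It assumes the Rules signature `(user, context, callback)` and the sandbox's global `UnauthorizedError`; the names `accountExpired`, `enforceAccountTtl` and `DenyError` are hypothetical.

```javascript
// Two-week account lifetime, in milliseconds.
const TWO_WEEKS_MS = 14 * 24 * 60 * 60 * 1000;

// The Auth0 Rules sandbox exposes UnauthorizedError as a global. The fallback
// class exists only so this file also runs under plain Node.js.
const DenyError = typeof UnauthorizedError !== 'undefined'
  ? UnauthorizedError
  : class extends Error {};

// Pure decision function. `now` is injectable so the check can be tested
// offline with constructed timestamps.
function accountExpired(user, now = Date.now()) {
  const createdAt = new Date(user ? user.created_at : undefined).getTime();
  // Fail closed: a missing or unparsable created_at counts as expired,
  // so a malformed profile cannot bypass the lifetime limit.
  if (Number.isNaN(createdAt)) return true;
  return now - createdAt > TWO_WEEKS_MS;
}

// Rule entry point: deny the login once the account is older than two weeks.
function enforceAccountTtl(user, context, callback) {
  if (accountExpired(user)) {
    return callback(new DenyError('Account has expired.'));
  }
  return callback(null, user, context);
}

// Constructed sample profiles, evaluated against a fixed clock.
const SAMPLE_NOW = Date.parse('2024-03-15T00:00:00Z');
const SAMPLE_USERS = [
  { email: 'fresh@example.com', created_at: '2024-03-10T00:00:00Z' },
  { email: 'stale@example.com', created_at: '2024-02-20T00:00:00Z' },
  { email: 'broken@example.com' } // no created_at at all
];
for (const u of SAMPLE_USERS) {
  console.log(u.email, accountExpired(u, SAMPLE_NOW) ? 'DENY' : 'ALLOW');
}
```

When pasted into the Rules editor, the helper and constant need to live inside the single rule function, since a rule is one function body.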