How to do Invitation flow properly?

My use case is bulk invite. I have a set of emails and I want Auth0 to send out emails where users:

  1. verify their email
  2. set their passwords (possibly set their First Name Last name and Phone)

Seems like a very very common flow to me.

I’ve read this: https://auth0.com/docs/design/creating-invite-only-applications
and I’ve read this: About the invitation-only flow

It’s a little underwhelming to be honest.

  1. Can bulk import return user IDs?
  2. How do I wait for user to verify his email and trigger password change automatically?
  3. is it expected that the application sends out emails?
  4. Can email verification and password set be turned into single step?

Is proper Invite feature on the roadmap in near future?

Hi @oliver.janik,

Welcome to the Community!

Hopefully I can answer some questions here and point you in the right direction.

Bulk import will not return user IDs. You can do an export after you have successfully created the users to get a JSON file with the users, but this may not be necessary. See below.

You can accomplish the email verification and password reset with just a password reset email. See the mark_email_as_verified option in the password change job endpoint.

Also, if you know the user email and connection ID, then you should be able to request a password reset with that endpoint (i.e. no user id required). See the schema in the link above for details.

In summary:

  • Import your users
  • Run a script that posts to the password change ticket endpoint for each user. You need to plan for management API rate limits. This can be in your invite email.

Let me know if you have questions,
Dan

Thanks for your reply I found mark_email_as_verified after I posted the question.

Few more questions:

  1. Can users set their First name and Last name during the reset password process?
  2. When I get password reset ticket, how do I fire the password reset email using the ticket?
  3. Is this doco page out of date? https://auth0.com/docs/design/creating-invite-only-applications

Cheers!

Not that I know of…maybe with some serious workarounds.

Can I propose a different solution? Use a redirect rule to check if that info is set, and if not to do it in a seperate form. This is a typical flow and users are used to this type of progressive profiling.

If you want to use the internal Auth0 email template service you don’t need an pw reset ticket (the ticket is essentially just a URL, typically you use this if you are providing your own email service. It is more flexible). You should request a change password email be sent.

I would agree with that statement. I will let the team know.

Let me know if you have any other questions!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.