How to let user to create their password though email verification

current flow and this is what Auth0 asked to do:

  1. admin create a user with a password
  2. user get a verification email, to verify the email (user will click the link and verify)
  3. admin send the password to the user to login (write it down in a paper and send through snail mail)
  4. user wait until the password to come through snail mail, and log in to the system when it received

Do you have any better option for the point 3 above , to let users to create their own password with invitation email ?
This is the worst documentation I ever read Send Email Invitations for Application Signup

Hi @hiran,

Thanks for joining the Community!

Thanks for the feedback. We’ve brought this issue to the docs team regarding the email invitation flow guide.

Instead of sending the password to the user, you can use the Management API’s POST /api/v2/tickets/password-change endpoint to generate a password-change ticket. You can then send the user an email with the password-change ticket URL. The email would need to be sent through your own email provider. You can also skip the email verfication step by passing the mark_email_as_verified param as true when you generate the change-ticket.

Please let me know if you have further questions!

@stephanie.chamblee Thanks for the reply. You explain it well. But, can we generate the password change ticket through auth0 admin console?
Because we are not maintaining our own application to manage users. We use your admin portal to create/delete users.
what I need is:

  1. system administration login to Auth0 admin portal (tenant admin)
  2. create a new user and let the user create a password

Unfortunately, unless you are using Organizations which is available on certain subscription plans, there isn’t an out-of-the-box way to trigger the invite flow.

You could use a Post User Registration Action to initiate the password reset. This type of action is triggered when a user is created for a database or passwordless connection in your tenant. There are a couple of ways to do this:

  1. Use a Post User Registration Action by itself. Note: This type of action is not meant to be used to make changes on the user, but rather notify other systems that a user has been registered for your app (FAQ). There is an uncommon, but possible chance that the user is not yet available to make the password change request. It sounds like creating users might be a manual process for you now, and so this method might fit what you need, as long as you check the logs that the password change request was successful to be safe. You can add retries as well:
/**
 * Handler that will be called during the execution of a PostUserRegistration flow.
 *
 * @param {Event} event - Details about the context and user that has registered.
 */
exports.onExecutePostUserRegistration = async (event) => {
  const auth0 = require('auth0');
  const management = new auth0.AuthenticationClient({
    domain: event.secrets.domain, // Add your domain here (you can find your domain from your application settings)
    clientId: event.secrets.clientId // Add your app's Client ID here (you can find the Client ID from your application settings)
  });

  const userAndConnection = {
    email: event.user.email,
    connection: 'Username-Password-Authentication'
  };

  function requestPasswordChange (retries = 2) {
    management.requestChangePasswordEmail(userAndConnection, function (err, message) { 
      if (err) { 
        // Retry the request if the user is not available
        if (retries > 0) {
          requestPasswordChange(retries - 1);
        }
      }
    });
  }
  requestPasswordChange();
};

Example successful password change request log (Auth0 dashboard > Monitoring > Logs):

  1. A more reliable/scalable approach would be to use the Post User Registration Action to initiate a job in an external queuing service that would trigger another service to make the request to change the password. This is the recommended approach given the async nature of this action trigger, however, it would require services outside of Auth0. (related topic: New user via API - set password flow)

Here is the documentation for Actions:

It’d also be great to get your input in our feedback category regarding the invite flow. The feedback category is reviewed by the product team and allows the community to vote on features that would be valuable to them:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.