How to let user to create their password though email verification

Unfortunately, unless you are using Organizations which is available on certain subscription plans, there isn’t an out-of-the-box way to trigger the invite flow.

You could use a Post User Registration Action to initiate the password reset. This type of action is triggered when a user is created for a database or passwordless connection in your tenant. There are a couple of ways to do this:

  1. Use a Post User Registration Action by itself. Note: This type of action is not meant to be used to make changes on the user, but rather notify other systems that a user has been registered for your app (FAQ). There is an uncommon, but possible chance that the user is not yet available to make the password change request. It sounds like creating users might be a manual process for you now, and so this method might fit what you need, as long as you check the logs that the password change request was successful to be safe. You can add retries as well:
/**
 * Handler that will be called during the execution of a PostUserRegistration flow.
 *
 * @param {Event} event - Details about the context and user that has registered.
 */
exports.onExecutePostUserRegistration = async (event) => {
  const auth0 = require('auth0');
  const management = new auth0.AuthenticationClient({
    domain: event.secrets.domain, // Add your domain here (you can find your domain from your application settings)
    clientId: event.secrets.clientId // Add your app's Client ID here (you can find the Client ID from your application settings)
  });

  const userAndConnection = {
    email: event.user.email,
    connection: 'Username-Password-Authentication'
  };

  function requestPasswordChange (retries = 2) {
    management.requestChangePasswordEmail(userAndConnection, function (err, message) { 
      if (err) { 
        // Retry the request if the user is not available
        if (retries > 0) {
          requestPasswordChange(retries - 1);
        }
      }
    });
  }
  requestPasswordChange();
};

Example successful password change request log (Auth0 dashboard > Monitoring > Logs):

  1. A more reliable/scalable approach would be to use the Post User Registration Action to initiate a job in an external queuing service that would trigger another service to make the request to change the password. This is the recommended approach given the async nature of this action trigger, however, it would require services outside of Auth0. (related topic: New user via API - set password flow)

Here is the documentation for Actions:

It’d also be great to get your input in our feedback category regarding the invite flow. The feedback category is reviewed by the product team and allows the community to vote on features that would be valuable to them: