Spring Boot API (protected by auth0) and working fine.
Angular SPA (protected by auth0) also working fine.
Final part of the project. User signup.
I cannot use the Auth0 signup because it let’s all and sundry access to my application.
I have a custom registration process where I collect all the users information, then they are charged (using Braintree API) finally once all this has completed I want to create a new user in my SPRING controller.
Does not help, no java example, no instructions about how to get access to the authentication API to make a call in Java.
I tried to follow some instructions regarding machine to machine applications which I have set up.
Now I am sitting at my desk looking blankly at my Spring Registration controller wondering how to code the request to create a new user.
Does anyone have an example or step by step instructions on how one of the most common use cases on the web is implements.
Just to be clear.
User visits my site ====> User signs up and makes a payment ====> User account is created in Auth0 and verification email is sent =====> User gets access to web site.
All working except the account creation in Auth0, and 1 week later still no progress on how it is done.
Do you support this use case at all?
Thank you in advance for any answers that might help me to get my new startup portal online using Auth0.
I think a better solution, though, is to allow users to sign up if paid or not, and when they are paid, flag their account for access to restricted sections.
It sounds like you need to get your Spring Registration controller to call the Auth0 management API to create a user within Auth0 - Auth0 Management API v2
yes that is where exactly I am, but there does not seem to be any documentation on how that’s achieved in the controller. There are plenty of examples on how to protect resources in Java, JavaScript, PHP, etc, etc but nothing on this subject.
The current advice seems to be: -
‘Just let anyone sign up, and restrict access to portions of the site unless they pay.’
I do not see the point in signing up in that case, just go to the site anyway without signing up.
Bit confused on their use case as well. Why would I sign up in the first place, unless I wanted access to restricted areas?
The docs regarding the hooks are one possible use case. In thinking about this, the hook is probably not the best way, as you cannot redirect.
There’s a few approaches here, one is to use a redirect rule:
User registers (or signs in)
Auth0 rule chain fires
Redirect rule checks to see if user has paid. If so, continue, if not, redirect to the payment page
On continue, user has paid (or fail the login process).
This will create the user, but will not let him log in until he has paid.
Or you can create the user via the MGMT API as suggested.
You could force the user to pay, and send a token to the registration process, and use the preregistration hook to verify this token.
I had already read the first link (as I am in dev/staging currently) but it did not have any examples in Java. However, I just checked the second link and BINGO, Java examples for my controller. Somewhere to start at last.
For anyone that gets here whilst searching for a similar issue, my final approach was.
Turn off signup for auth0
My own customized registration process is used to collect the users details and payment
At the end, once the customer checks the T&C’s my Spring Backend creates the User using the Auth0 management API as mentioned above. The creation process automatically sends the new user a verification email using a template you can design on the Auth0 dashboard.
Now my Spring backend and Auth0 are in sync.
Using the Auth0 management API is quite straight forward and well documented, for links see Peter Goffin’s comments above. The second link gives all the code you need to get started.