How to signup new users to my paid for application. Using Authentication API

My scenario is:

  1. Spring Boot API (protected by auth0) and working fine.
  2. Angular SPA (protected by auth0) also working fine.

Final part of the project. User signup.

I cannot use the Auth0 signup because it let’s all and sundry access to my application.

I have a custom registration process where I collect all the users information, then they are charged (using Braintree API) finally once all this has completed I want to create a new user in my SPRING controller.

I went here. https://auth0.com/docs/api/authentication?http#signup

Does not help, no java example, no instructions about how to get access to the authentication API to make a call in Java.

I tried to follow some instructions regarding machine to machine applications which I have set up.

Now I am sitting at my desk looking blankly at my Spring Registration controller wondering how to code the request to create a new user.

Does anyone have an example or step by step instructions on how one of the most common use cases on the web is implements.

Just to be clear.

User visits my site ====> User signs up and makes a payment ====> User account is created in Auth0 and verification email is sent =====> User gets access to web site.

All working except the account creation in Auth0, and 1 week later still no progress on how it is done.

Do you support this use case at all?

Thank you in advance for any answers that might help me to get my new startup portal online using Auth0.

Finally… Help… getting desperate

Hey pgoudman,

Take a look at the pre-registration hook:

Use this hook to process the payment.

John

I think a better solution, though, is to allow users to sign up if paid or not, and when they are paid, flag their account for access to restricted sections.

John

It sounds like you need to get your Spring Registration controller to call the Auth0 management API to create a user within Auth0 - https://auth0.com/docs/api/management/v2/#!/Users/post_users

Hello John,

thank you for your prompt replies.

  1. Pre-User-Registration Extensibility Point

From the page: -

“This allows you to implement scenarios such as setting conditional information (in the form of metadata) on users that do not exist yet.”

Does not allow for pre-payment? Not sure how it will help, just adding a few attributes to the users metadata.

  1. Just allow anyone to sign up does not allow for pay only site?

Looks like the inability to create a new user from our API server means we have to re-think the whole use case.

Thank you for your answer which appears to indicate that we allow all and sundry to sign up and worry about payment later.

Regards
Peter

Hi Peter,

yes that is where exactly I am, but there does not seem to be any documentation on how that’s achieved in the controller. There are plenty of examples on how to protect resources in Java, JavaScript, PHP, etc, etc but nothing on this subject.

The current advice seems to be: -

‘Just let anyone sign up, and restrict access to portions of the site unless they pay.’

I do not see the point in signing up in that case, just go to the site anyway without signing up.

Bit confused on their use case as well. Why would I sign up in the first place, unless I wanted access to restricted areas?

Thanks for your comment
Regards
Peter

Hi Peter

The docs regarding the hooks are one possible use case. In thinking about this, the hook is probably not the best way, as you cannot redirect.

There’s a few approaches here, one is to use a redirect rule:
User registers (or signs in)
Auth0 rule chain fires
Redirect rule checks to see if user has paid. If so, continue, if not, redirect to the payment page
On continue, user has paid (or fail the login process).
This will create the user, but will not let him log in until he has paid.

Or you can create the user via the MGMT API as suggested.

You could force the user to pay, and send a token to the registration process, and use the preregistration hook to verify this token.

John

You need to create a REST request to the Auth0 management API with an access token you have obtained prior to making the request to create the user.

These links should give you the details on how to get the access token for the API. The second link includes code snippets that show you how to use the access token to call the API - https://auth0.com/docs/api/management/v2/tokens
https://auth0.com/docs/api/management/v2/get-access-tokens-for-production

Hi Peter,

I had already read the first link (as I am in dev/staging currently) but it did not have any examples in Java. However, I just checked the second link and BINGO, Java examples for my controller. Somewhere to start at last.

Big thanks for pointing this out.

Regards
Peter

Hi John,

thank you for your reply.

For anyone that gets here whilst searching for a similar issue, my final approach was.

  1. Turn off signup for auth0

  2. My own customized registration process is used to collect the users details and payment

  3. At the end, once the customer checks the T&C’s my Spring Backend creates the User using the Auth0 management API as mentioned above. The creation process automatically sends the new user a verification email using a template you can design on the Auth0 dashboard.

Now my Spring backend and Auth0 are in sync.

Using the Auth0 management API is quite straight forward and well documented, for links see Peter Goffin’s comments above. The second link gives all the code you need to get started.

Kind regards
Peter

1 Like

Thanks a lot for sharing that with the rest of community!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.