I’m new to Auth0, so please allow some room for my own lack of knowledge about Autho0 features.
My product is an included digital product that comes with the purchase of a physical product. Before allowing a potential user access to my product, I want to validate them by asking for a sales channel (Amazon, WalMart, my own web site, etc.) and their order number.
Only after I’ve verified that they are a customer do I want to allow them to create a set of login credentials with Auth0. It seems like just anyone with a link to the login page can get an account, though.
How do I restrict potential users to just those that meet some pre-qualification criteria like I’ve mentioned above? I can of course handle the pre-authorization lookup on my end, but I don’t see how to use a “Go/No-Go” decision to restrict users from creating an account.
Can I get a pointer to some docs on how to do this kind of thing?
Thank you for posting your question, for the described flow I would advice to you to go with the Pre-user Registration Trigger Action, that will make a call to the 3rd party sales channel and based on the feedback deny or allow the registration to your application. You can check the docs about that here → Pre-user Registration Trigger
In my trigger code, I’ll have to call back to my own server on some pseudo-secured endpoint to look up the order number of the user that’s trying to sign up for an account.
I’m imaging a simple API call through an XMLHttpRequest object, unless you tell me there’s some other, preferred way to make such a call.
Is there a way that I can securely include a static API key or something in the calls from the Trigger script to my server?