I was wondering if it is possible to implement the following flow using Auth0 (the steps are described from my understanding of reading various documentation on invitation flows):
1. User is programmatically created with a random password and email_verified = false.
2. An email is sent to the user based on the email provided in step 1.
3. The email contains a link that leads the user to a page to input a password OR complete the registration using a social login.
4. The user's registration is completed. Follow-up logins can be done with a password if the user has set their password, or using an external social ID provider. A rule is also in place to merge the 2 different accounts together.
Yes, you can do this; it will require some effort.
If you want to do this exactly as specified, you’ll have to host a password reset page yourself with the appropriate functionality. In particular, it will either take a password and set it, or it will allow the user to log in via social and then link the accounts.
A different approach is to always make the user set a password, and give them the option to link a social account. The UX is a little different, but this approach allows using more “OOTB” components of Auth0.
John
You can get a password reset ticket and mail it to the customer with appropriate wording.
Then customize the password reset page so that they can
Thank you for the prompt reply. When using a custom password reset page as per your suggestion,
I know it is possible to update the password through the Management API; is it also possible to programmatically “redirect” the user to a social login page through the Management API as well?
You will need to have the user authenticate to the social provider (this is critical) via a 302 redirect flow, then use the mgmt API to do the linking.
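The flow discussed in this thread, written as the Management API requests it needs; this is an added example, not code from any post above. It only builds the requests (sending them requires a Management API token), and the tenant domain, user ids, sample claims and the email-match policy in `link_social` are assumptions made for illustration.

```python
import secrets
from urllib.parse import quote

def create_invited_user(domain, email, connection="Username-Password-Authentication"):
    """Step 1: database user with an unguessable throwaway password."""
    body = {"connection": connection, "email": email,
            "password": secrets.token_urlsafe(32),  # never shown or stored
            "email_verified": False,
            "verify_email": False}  # we send our own invitation mail instead
    return "POST", f"https://{domain}/api/v2/users", body

def password_ticket(domain, user_id, result_url, ttl_sec=86400):
    """Steps 2-3: ticket whose URL goes into the invitation email."""
    body = {"user_id": user_id, "result_url": result_url, "ttl_sec": ttl_sec,
            "mark_email_as_verified": True}  # following the link proves mailbox control
    return "POST", f"https://{domain}/api/v2/tickets/password-change", body

def link_social(domain, primary_user_id, invited_email, claims):
    """Link only an identity the user has just authenticated as.

    `claims` must come from an ID token your callback has already validated
    (signature, issuer, audience, nonce); that validation is out of scope here.
    """
    provider, sep, provider_uid = claims.get("sub", "").partition("|")
    if not sep or not provider_uid:
        raise ValueError("sub is not of the form provider|id")
    if claims["sub"] == primary_user_id:
        raise ValueError("cannot link an account to itself")
    # Assumed policy: the social account must carry the invited address, verified.
    if not claims.get("email_verified") or claims.get("email", "").lower() != invited_email.lower():
        raise PermissionError("social identity does not match the invited email")
    url = f"https://{domain}/api/v2/users/{quote(primary_user_id, safe='')}/identities"
    return "POST", url, {"provider": provider, "user_id": provider_uid}

# Constructed sample values; the tenant domain and ids are placeholders.
DOMAIN = "example-tenant.auth0.com"
PRIMARY = "auth0|000000000000000000000001"
GOOD = {"sub": "google-oauth2|1111", "email": "Invitee@example.com", "email_verified": True}
BAD = {"sub": "google-oauth2|2222", "email": "other@example.com", "email_verified": True}
```

The link request is built server-side only after the social login callback has run, so the Management API token never reaches the browser.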