Invitation-only flow with password setting and/or social logins

General
,
#1

Hello,

I was wondering if it is possible to impement the following flow using auth0 (the steps are described from my understanding of reading various documentation on invitation flows):

  1. User is programmatically created with a random password and email_verified = false.
  2. An email is sent to the user based on the email provided in step 1.
  3. The email contains a link that leads the user to a page to input a password OR complete the registration using a social login
  4. The user is registration is completed. Follow up logins can be done with password if the user has set their password or using an external social id provider. A rule is also in place to merge the 2 different accounts together.

Any help on this will be greatly appreciated

#2

Hi @Orfen

Yes, you can do this, it will require some effort.

If you want to do this exactly as specified, you’ll have to host a password reset page yourself with the appropriate functionality. In particular, it will either take a password and set it, or it will allow the user to log in via social and then link the accounts.

A different approach is to always make the user set a password, and give them the option to link a social account. The UX is a little different, but this approach allows using more “OOTB” components of Auth0.

John

You can get a password reset ticket and mail it to the customer with appropriate wording.
Then customize the password reset page so that they can

1 Like
#3

Thanks for helping on this one John!

#4

Hi John,

thank you for the prompt reply. When using a custom password reset page as per your suggestion,
I know it possible to either update the password through the Management API, is it also possible to programmatically “redirect” the user to a social login page through the Management API as well?

Thank you

Client Credentials Authentication via Pre-register Auth0 hook
#5

Hi @Orfen

Check out Auth0’s docs on account linking.

You will need to have the user authenticate to the social provider (this is critical) via a 302 redirect flow, then use the mgmt API to do the linking.

John

2 Likes
#6

Here are our docs on account linking:

#7