Here, we have the following flow:
- A conversion funnel, where the user leaves an email
- A customer space application (SPA), where the user can find the information she sent in our conversion funnel
What we are trying to achieve is, when a user finishes our conversion funnel successfully, to send an “invite email” to his email. With this email, he comes to a universal signin / signup form, and is given some permissions (and associated, securely (non-forgeable), with some data of our own, located both in our databases and CRM). If the user signs in using a provider (or even a previously made email/pwd account), the data is associated with him. If the user signs up, the user is created and the same association occurs.
The other day, I was inviting my developer to Auth0, and I noticed that the Auth0 internal… auth0 flow is exactly what we want. Think of it:
- When you want to “invite some admin” to Auth0, you go here https://manage.auth0.com/#/tenant/admins
- You type an email
- The person receives an email with a link. This link is very similar to a /authorize one, but is augmented with a `?token=XXX` (which is not a JWT). This token seems to be an associative token - if the user signs in (or even signs up, I believe), his account is either created + granted admin (signup) or just granted admin (signin)
This behavior is pretty cool, I like to guess that Auth0 is using Auth0, and I’m trying to achieve the exact same behavior. So, any information on how to accomplish this with a clever flow, a bunch of rules and, I guess, some external service?
Thanks
EDIT: some things to note:
- We don’t want that app to be invite only. We want to keep the auto-signup feature
- We need providers like Google and Facebook
- We definitely just need something exactly like Auth0’s internal subscription (let the user sign up / social sign in, and invite him to have a specific role)
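As an added illustration (not the poster's code and not Auth0's implementation) of how the "associative token" described above can be kept non-forgeable, here is a server-side sketch: an opaque random token id is HMAC-signed, stored against the CRM record and role it should grant, and consumed exactly once in a post-login step that works the same whether the user signed in or signed up. The in-memory dictionaries, the secret, the 7-day lifetime and the check that the login email matches the invited email are all constructed assumptions for the demo.

```python
import hmac
import hashlib
import secrets

# Assumed server-side secret; a real deployment loads it from a secret store.
INVITE_SECRET = b"constructed-demo-secret-do-not-use"
INVITE_TTL_SECONDS = 7 * 24 * 3600  # assumed invite lifetime

# Constructed in-memory stand-ins for the invite table and the user grants.
invites = {}      # token_id -> {email, crm_id, role, expires, used}
user_grants = {}  # user_id  -> {roles, crm_id}

def _sign(token_id: str) -> str:
    """HMAC over the opaque id, so a token cannot be forged or altered client-side."""
    return hmac.new(INVITE_SECRET, token_id.encode(), hashlib.sha256).hexdigest()

def issue_invite(email: str, crm_id: str, role: str, now: float) -> str:
    """Create the ?token=... value sent in the invite email, bound to a CRM record and role."""
    token_id = secrets.token_urlsafe(16)
    invites[token_id] = {"email": email, "crm_id": crm_id, "role": role,
                         "expires": now + INVITE_TTL_SECONDS, "used": False}
    return f"{token_id}.{_sign(token_id)}"

def redeem_invite(token: str, user_id: str, login_email: str, now: float) -> bool:
    """Post-login step (signin or signup): validate the token, grant the role, attach the data."""
    try:
        token_id, sig = token.split(".", 1)
    except ValueError:
        return False
    if not hmac.compare_digest(sig, _sign(token_id)):   # tampered or forged token
        return False
    inv = invites.get(token_id)
    if inv is None or inv["used"] or now > inv["expires"]:  # unknown, replayed or expired
        return False
    if inv["email"].lower() != login_email.lower():   # forwarded link used by someone else
        return False
    inv["used"] = True  # single use: the association happens exactly once
    grant = user_grants.setdefault(user_id, {"roles": set(), "crm_id": None})
    grant["roles"].add(inv["role"])
    grant["crm_id"] = inv["crm_id"]
    return True
```

In an Auth0-style setup the `redeem_invite` step is what a post-login rule or action would call (with the token carried through the /authorize request), while `issue_invite` runs in the funnel backend when the email is collected.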