Auth0 Home Blog Docs

Invite Only Flow using Hook

auth0
api

#1

I would like to implement an ‘invite only’ registration flow using the provided Auth0 ‘post registration’ Hook. I would like to avoid adding custom code to my application.

This example, https://auth0.com/docs/design/creating-invite-only-applications, requires custom code in my application, but I think this can be done via the Hooks feature provided through the Auth0 Dashboard.

Here is my ideal flow:

  1. I create a new user in the Auth0 dashboard
  2. That triggers and sends a reset password email to the user’s email address
  3. When the user clicks the link in the email they are taken to Auth0’s provided reset password page
  4. Upon the user resetting their password, they are logged into the app

Can anyone provide sample code for accomplishing this in the post registration Hook?


#2

Here is my solution.

  1. Disable the welcome email

  2. Add a Rule with the following code:
    function (user, context, callback) {
    // Rules only fire when a user has logged in
    // If the user logs in that means they have
    // reset their password via the email we sent
    // Hence, email verified
    if (!user.email_verified) {
    user.email_verified = true;
    }
    return callback(null, user, context);
    }

  3. Add a ‘Post User Registration Hook’ with the following code:

    module.exports = function (user, context, cb) {
    

    var auth0 = require(‘auth0@2.6.0’);
    var authClient = new auth0.AuthenticationClient({
    domain: ‘.auth0.com’,
    clientId: ‘’,
    clientSecret: ‘’,
    });

    var userAndConnection = {
    email: user.email,
    connection: ‘Username-Password-Authentication’,
    connection_id: context.connection.id,

    }
    authClient.requestChangePasswordEmail(userAndConnection, function(err, result){
    cb(null, user, context);
    });
    };

Done