Auth0 Home Blog Docs

Invite Process using Reset Password

invite-only
reset-password

#1

I am currently working on an invite-only application and would love some insight into the auth0 invite-only process. After looking at the documentation and the example (https://auth0.com/docs/tutorials/creating-invite-only-applications) it seems like in order to accomplish this my application will have to:

  1. Create the user through auth0
  2. Send out the invitation link
  3. Manually change the password and update the user

I was wondering if it is possible to avoid step #3 and instead take advantage of the Reset Password workflow that auth0 provides. This would make everything more consistent by using the same reset password page and would make development quicker.

I looked at some options where I could send out 2 emails (verification email and reset password email), but that is not ideal and for a user it does not look like an invitation to join my app.

So, is there any way to invite a user into my application with these things in mind:

  1. Application creates the user.
  2. Application sends out one invitation email that contains a reset password link and takes advantage of the reset password functionality of auth0.
  3. User logins in =D

#2

The documentation you linked to shows how you can provide a completely different experience for users that are invited versus users that are just resetting their passwords.

In theory, if you are okay with using the same reset password page then you can consider creating the user with the email already set to verified, prevent any built-in emails from being sent, request a password change ticket to be generated through the Management API and send your custom invitation email with a link to the password change ticket. Given you will be creating the user with a random password the only way for them to access the account is to use the change password ticket delivered to their email which proves ownership of the email in question.


#3

How do we handle, when the user before clicking on verify/change password link tries to reset password? Thanks


#4