We need to allow users to access our application but we don’t want to let anyone to create an account, so we create users for them on our backend.
Currently our process involves setting a new user on Auth0 with a random password and a forgot password email so they can set a new one without us knowing it. As we received some complains from our users stating this seems suspicious, we want to improve they experience.
By looking at the documentation it states:
- I need to make call to the ticket API and get a reset link and send a custom email from our backend, loosing all the styling already managed in Auth0 side.
- If I create the link using the ticket API, they will still get redirected to the forgot password page. I’ve found in the documentation that I can get an invitation UI adding a hash parameter like stated in Send Email Invitations for Application Signup but I see no change once I open it. Looking at the settings page in Auth0, I see some customization for “Invite…” but I’m not able to see it.
I’m also confused as in some places the documentation states that I need to use some custom email and form, but once I enable this features (custom email or custom forgot password change for example), we loose all the styling already handled in Auth0 so we would have to re-implement them in auth0 and in our side if we want to make any changes, which seems a bit of an overkill, I was expecting to get this link from the ticket API and set the language I want for the invite template on Auth0 side and no extra changes.
Could someone shade some light on this?
HI @george_sb,
Welcome to the Auth0 Community!
As you’ve discussed, there are two main ways to implement a user invitation flow: customizing an email template and sending a change password email OR creating a password change ticket.
The password change ticket endpoint returns a URL that you are responsible for sending to the user.
The customizing the email template and ending the change password email requires you to customize the change password email template as described here and then sending that template to users via the Management API.
If you want the language to be changed, you will need to follow the customizing an email template and sending a change password email instructions as the password change ticket endpoint only returns a URL.
Relevant Community articles:
Please let me know if you have any additional questions!
Thanks,
Mary Beth
Hi! Thanks for responding! And yes, I have some questions…
In the first link it states that:
If it is desired to create the password change ticket, the only customization needed is for the password reset UI using query parameters since the password change emails will not be used.
According to this, I shouldn’t need to do extra changes other than adding a parameter, which parameter?
What does it mean to create the password change ticket, looking at the API, the create ticket endpoint will return me a link to use and send to the client in an email, but won’t trigger an email, am I wrong in this?
If I need to create a custom email or custom change password form, can I do something ot not loos all the already used styling? Once I enable these features, the UI looks completely different.
Hi @george_sb,
Yes, if you go the password ticket route, all you need to add are the parameters listed here: Auth0 Management API v2
Creating the ticket yields a ticket URL. You are responsible for sending that URL to the customer. You are correct that Auth0 will not trigger an email.
You can copy and paste the existing email templates and save them for reference.
Thanks,
Mary Beth