Inviting users with passwordless login - problem with email sent after invitation

I have passwordless login working fine for users created through the dashboard who then hit ‘login’ on the frontend.

However, when an ‘admin’ user is adding colleagues to ‘invite’ to the application, I have 2 problems :

  1. the user is creating fine in the DB via the Management API, however it is sending an email immediately with a log in link. This link doesn’t work - it just says “something went wrong” when clicked. I also don’t know why this happens? We’d prefer to send a welcome email or email verification email - why is it sending a login email straight away on account creation?

  2. This email is being sent via my M2M application/API - so it says "sign in to {name of API} rather than {name of my actual application} - how do I fix this? Weird behaviour?


there’s a few similar q’s with no satisfactory answers e.g. here

The primary problem is that the magic link the user is receiving from my M2M application isn’t working to log them in to the actual application (regular web app).

The flow is :

  1. Create user with management API via a form on frontend
  2. user is receiving an immediate email with a magic link from the M2M app NOT the actual application
  3. the magic link doesn’t work - it presents an auth0 error page saying ‘something went wrong’

I’ve tried updating my callback URL’s to simply http://localhost:3000 but that hasn’t helped.

In the lock template for the login page it is referencing the redirect URI like the below. Note that when logging in via the form (rather than the auto generated email from the mgmt API) it works fine.

So what do I need to do to either

a) stop the immediate email being sent out at all (no idea why this happens anyway)
b) make the magic link actually work - the one that is sent on account creation from the M2M application

var lock = new Auth0LockPasswordless(config.clientID, config.auth0Domain, {
      passwordlessMethod: 'link',
      auth: {
        redirectUrl: config.callbackURL,
        responseType: (config.internalOptions || {}).response_type ||
          (config.callbackOnLocationHash ? 'token' : 'code'),
        params: config.internalOptions

Another update on this.

I’ve found how to avoid sending the immediate email, by setting the email_verified parameter to true as per here. This seems like a really odd thing to do but there you go

So the main issue now is simply that the magic link doesn’t work when sent to a user who has been created via the Management API.

What am I missing? How do you make that first time link work on account creation via the mgmt API?