I am trying to follow this guide for user invites: /docs/customize/email/send-email-invitations-for-application-signup
However, for the flow described as:
User submits password.
Change password screen redirects return URL.
Target app redirects to /authorize.
User submits their credentials.
User is authenticated into the app.
Steps 4 is redundant given that the user has just reset their password.
Is it possible to make the authorization complete automatically based on the password reset?
Unfortunately, due to the behaviour of password reset flows, the user cannot be authenticated automatically after a password change/creating a password because the action invalidates all current sessions a user would have active and prompted to re-authenticate on any application.
However, since the user receives an application signup invite, this would make sense to act more like a signup event rather than a password change. I would advise to post on our feedback page regarding implementing this feature!