Hello ! It is my first time as a developper using Auth0, and i must say, the developer experience feels terrible, and i will not recommend it to my future clients without this feature.
I am in a similar situation, i started using Organizations as a main feature, alongside New Universal Login, and the disabling of sign-ups, which came up later as a necessity, broke my entire authentication tunnel.
The ugliest hack i could find is remove the “Sign up” text from the button in “Custom text”, replacing it with a whitespace, but it still appears because of a padding on this link.
Without this padding, days of trouble would have been fixed and this is not even a no-code UI customisation option.
I tried every succession of unicode characters in the different “Custom Texts” fields to make the ghost link overflow away, without success (nice UI job here, unfortunately for me)
And it prevents me from implementing Social logins, because of the way they work both as a sign-in and a sign-up, but this is not the subject nor an immediate issue for me.
I am now exploring the possibility to throw an error conditionally via a Pre-Registration hook, i am currently searching for the way to differenciate between a regular invitation and an organization invitation, but like J.krabs mentioned it does not seem to be an option…
Which leads me to this question
Do you have an ETA on this crucial feature ? I have read a lot of auth0 forums post asking for Invite-only flows in New Universal Login.
PS: Not the subject here either, but when register is enabled, and an organization invitation is sent, the Registration form is shown by default, even if said user previously had an account and was already authenticated.
I’ve had several testers confused about it, best way to fix this on my end is to authorize “Join on sign-up”, then using handleAuth from next-auth0, remove the invitationId from the URL params if the user already exist in Auth0, which leads to an organization-signin form, send a GET request to management API to check invitation status validity + email matching, for security, then send another GET request to check if the user already exist in Auth0, if not, i let the “invitationId” url param which then shows the initial “Sign-up” form to the user. Needless to say, very unintuitive nor documented way and it consumes a lot of Management API requests.
Thanks you very much for your time,