We’ve got an admin panel where users are created and are then invited to the organization. When we are creating the user we are generating a random secure password so we want to user to change their password.
- User created with random password
- User is invited to the organization
- Invitation url consists of the Application Login URI + invitation id and org id
- (Stuck here) User changes password and accepts the invitation by clicking on the link
The documentation can be a little confusing especially with the classic and new universal login. As I understand it the post reset password flow for the universal login uses the client ID to redirect to the Application Login URI. But because the user has not accepted the invitation yet they don’t exists in that organisation yet.
I haven’t seen an endpoint to accept the invitation so does that mean that I would need to do it manually in the backend by adding the user to the organization and then remove the invitation or am I missing something here.
Ideally I would want to user to be redirected to the /authorize endpoint after the password reset but I don’t see a way to pass the necessary information through post password reset