We’ve got an admin panel where users are created and are then invited to the organization. When we are creating the user we are generating a random secure password so we want to user to change their password.
Current workflow
User created with random password
User is invited to the organization
Invitation url consists of the Application Login URI + invitation id and org id
(Stuck here) User changes password and accepts the invitation by clicking on the link
The documentation can be a little confusing especially with the classic and new universal login. As I understand it the post reset password flow for the universal login uses the client ID to redirect to the Application Login URI. But because the user has not accepted the invitation yet they don’t exists in that organisation yet.
I haven’t seen an endpoint to accept the invitation so does that mean that I would need to do it manually in the backend by adding the user to the organization and then remove the invitation or am I missing something here.
Ideally I would want to user to be redirected to the /authorize endpoint after the password reset but I don’t see a way to pass the necessary information through post password reset
Instead of creating users manually, why not simply invite the user to the organization directly via email and skip step 1 ? This will generate an invitation where the user can sign up or sign in (if existing user).
I would like to jump in this discussion cause I’m exactly in that situation where I invite users not yet created within my tenant.
What is happening is when I use the invitation link, I’m going through my app then to my tenant with ‘invitation’ and ‘organization’ query params.
I end up in front of a login form telling me I have been invited (yay) and that I need to setup my password, perfect.
BUT when entering a password, I got an error (Wrong email or password).
And I can’t explain this, how my password or my pre filled email could be wrong as my user is invited?
It should set up the first password and create the user within my tenant, right?
Little update, my tenant had signups disabled.
With sign ups enabled, it works.
But it leads me to something else, could we authorize invited user to sign up but not others?