Auth0 Home Blog Docs

Recommended way to implement invite-only flow with one email?

#1

The docs here recommend an invitation implementation for invite-only applications: https://auth0.com/docs/design/creating-invite-only-applications.

As I understand this flow requires two emails, one to verify the email and a second one for the reset-password flow. Is there a similar Auth0 approved flow that only involves one email? For example using the redirect from the email verification ticket to go to a page that sets a password?

#2

Hey there @constantine.dm!

Yes so the flow described there is the flow we highly recommend as it’s also relatively easy to implement. Have never thought before about handling it with one mail but I gave it a thought and you can achieve that but it require a little bit more hustle. Here’s the thing:

You can technically make all of the emails verified by default, but if you by any chance enter a wrong email address, it’ll still be there.

So technically you would only have to send out the password reset email

You can create the user, then patch it with verify_email: true and email_verified: true, and then send out the password reset email but that way, all of the emails would be verified without an email being sent out to confirm to the end-user.

Hope it helps some way!

#3

Thank you @konrad.sopala for the helpful response. If we were going to automatically verify the email, why not do it after the user sets the password? I’m guessing there is a webhook we could subscribe to from auth0 for the password reset or even do it from an auth0 rule that way we don’t have to automatically mark emails as verified until the user takes some action to claim their account.