As I understand this flow requires two emails, one to verify the email and a second one for the reset-password flow. Is there a similar Auth0 approved flow that only involves one email? For example using the redirect from the email verification ticket to go to a page that sets a password?
Yes so the flow described there is the flow we highly recommend as it’s also relatively easy to implement. Have never thought before about handling it with one mail but I gave it a thought and you can achieve that but it require a little bit more hustle. Here’s the thing:
You can technically make all of the emails verified by default, but if you by any chance enter a wrong email address, it’ll still be there.
So technically you would only have to send out the password reset email
You can create the user, then patch it with verify_email: true and email_verified: true, and then send out the password reset email but that way, all of the emails would be verified without an email being sent out to confirm to the end-user.
Thank you @konrad.sopala for the helpful response. If we were going to automatically verify the email, why not do it after the user sets the password? I’m guessing there is a webhook we could subscribe to from auth0 for the password reset or even do it from an auth0 rule that way we don’t have to automatically mark emails as verified until the user takes some action to claim their account.
We are currently seeking feedback to improve our User Invitation flow. If you have a moment, please take a second to checkout this feedback opportunity with one of product managers.