I’ve got a query about password management and user verification, which I’ll try and describe using a hypothetical situation below.
On one tenant, we have two applications configured. Applications A & B. Application A was set up as the first application in Auth0, and we have added application B later on. Currently users can move between both applications, or be limited to just the one.
Within application B we have some user admin tools, which can be used to create users in Auth0 and gives them access to application B. When a new user is created, we want them to be sent a verification email, which then prompts them to set their password. The person setting up the new user does not set their password.
All of the above works fine for us, but we hit a snag when it comes to making sure that the user is verified in the context of their own application.
When application A was set up, someone followed this post to get the verification and password functionality working. Whilst this does the job, it’s also forcing you to set a clientId within the action, so any emails sent for application B are redirecting the user back to application A instead.
I’ve followed the guide on https://auth0.com/docs/customize/email/send-email-invitations-for-application-signup. My understanding of that guide is that if I generate a password change ticket, I’ll need to send an email separately rather than via Auth0 which we don’t want to do.
I’ve also seen suggestions to use organizations instead. I got that working and sending an email that redirects a user correctly - but it was asking for them to enter their password which they don’t know yet!
In summary, is there a way to send verification/password reset emails to users from an application, whilst ensuring they are redirected back to that application when they are done?