I generate a URL for a page where users can directly sign up by adding the prompt=login&screen_hint=signup parameter to the /authorize endpoint URL.
reference
Can I set an expiration date for this URL?
I need to prevent users from signing up with an expired URL.
That’s an important restriction from a security perspective.
Hi @t.fukao,
Welcome back to the Auth0 Community and thank you for your post!
The /authorize is designed to initiate an authentication/authorization flow and it is not natively created to support adding an expiration date, so unfortunately there is no out-of-the-box solution to set an expiry time on the URL itself.
However, I totally understand your perspective, so the recommended way of implementing a signup flow that has a set expiration time is through Sending Email Invitations for Application Signup.
It is mentioned in the outlined documentation to:
Specify the lifespan of the invitation link. Use the ttl_sec parameter to set how long the invitation link will remain active. The ttl_sec parameter should align with your relevant security concerns. The link is a one-time use, so once the user has set their password, it is not vulnerable to reuse.
Additional information on setting this up can be found under this Knowledge Article.
I hope this helps!
Best regards,
Remus
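The invitation approach recommended above, as an added example that is not part of the original posts or of Auth0's own code: it builds the Management API password-change ticket request with an explicit, capped ttl_sec. The tenant domain, API token, user ID, result URL and the one-day cap are assumptions made for this sketch.

```python
import json
import urllib.request

# Placeholders (assumptions, not values from the thread).
AUTH0_DOMAIN = "YOUR_TENANT.example.auth0.com"
MGMT_API_TOKEN = "MGMT_API_TOKEN_PLACEHOLDER"

# Local policy cap chosen for this example: invitation links live at most 1 day.
MAX_TTL_SEC = 24 * 60 * 60


def build_invite_ticket_request(user_id, result_url, ttl_sec):
    """Build (without sending) the POST that creates a password-change
    ticket whose link stops working after ttl_sec seconds."""
    if isinstance(ttl_sec, bool) or not isinstance(ttl_sec, int):
        raise TypeError("ttl_sec must be an integer number of seconds")
    # Reject 0 as well: an unset or zero ttl_sec falls back to the API's
    # default lifetime (5 days), which silently defeats a short expiry.
    if not 0 < ttl_sec <= MAX_TTL_SEC:
        raise ValueError(f"ttl_sec must be between 1 and {MAX_TTL_SEC}")
    if not result_url.startswith("https://"):
        raise ValueError("result_url must be an https:// URL")
    body = {
        "user_id": user_id,          # user created beforehand, no usable password
        "result_url": result_url,    # where the user lands after setting a password
        "ttl_sec": ttl_sec,          # lifetime of the invitation link
        "mark_email_as_verified": True,  # the link was delivered to that mailbox
    }
    return urllib.request.Request(
        url=f"https://{AUTH0_DOMAIN}/api/v2/tickets/password-change",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {MGMT_API_TOKEN}",
            "Content-Type": "application/json",
        },
    )


def create_invite_link(user_id, result_url, ttl_sec):
    """Send the request and return the one-time ticket URL to e-mail out."""
    req = build_invite_ticket_request(user_id, result_url, ttl_sec)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["ticket"]
```

Only `create_invite_link` touches the network; `build_invite_ticket_request` can be unit-tested offline to confirm that every invitation your backend issues carries a bounded ttl_sec.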