Feature: Support passwordless connections in organization invitations
Description: This limitation is documented, but it seems very arbitrary – I am still able to authenticate users via passwordless with their organization, just not on the initial invite? This creates a pretty poor user experience.
Use-case: I have a B2B use case and I never want to support password-based authentication. So, the organizations I’m creating support only social and passwordless logins. For example:
But the really weird thing is that, even though I don’t have a db connection configured, the user is still prompted for entering a password (and it does allow them to authenticate).
As a workaround, I can send invitations via the Google connection. The user experience there is great…Until they log out and log back in and then get prompted with the passwordless flow. Then, they get an error saying they aren’t part of the organization because they’re a different user on the Auth0 backend since they used a different connection!
And I don’t think I can merge the users since they aren’t authenticated yet, unless I do some janky stuff like try the callback request again without the org id, then merge them. So my workaround for that is to allow Membership on Authentication. Three problems though:
a) now I have a security problem since anyone can sign up for any organization in my app if they get the org id
b) I will have two of every user, or I have to now go and implement merging
c) I can only support social logins going forward
I’ve run into the same issue, and am attempting with a single email connection enabled for an organization.
The documentation states: “You cannot create passwordless users from the Auth0 Dashboard. Create them directly from the Management API.”
I took that to mean I also couldn’t send an invite via the dashboard, but I could via the API, which I tried, but upon clicking the invite link I am prompted to enter a password. And if I explicitly specify the connection_id when generating the invite I get a 400 “Passwordless connections are not supported” error.
Would be great if you could clarify the current/planned state of passwordless with organizations. The following comment implies that passwordless for organizations is available, but perhaps not the extent.
Passwordless + Organization Invites is currently not supported and isn’t currently prioritized. If you have any more info about your use case, that would be helpful for our team.
Our use case is a B2B platform for employees at large companies to take a survey a couple times a year. We think passwordless makes sense for this use case. It will be simpler for them not to need to create and track passwords. Also, if an individual leaves an organization and loses access to their work email, it’s appropriate that they naturally lose account access without any action on our part, which would not happen if they were simply using credentials.
I’m not an expert in authentication, but it seems like passwordless is the direction the industry is headed, as popularized by apps like Slack. I certainly would prefer my users not have to manage yet another password.
Auth0 now has several hungry young competitors who all support this out of the box:
Frontegg
Clerk
Stytch
Propel
If Auth0 is serious about playing in the B2B SaaS/Organizations space, this seems like a no-brainer. If not, I guess I need to explore the competitors more seriously for my use case.
Checking if there is any update on this. We would really like to migrate to passwordless connections and are just waiting on the organization invite to work.
Expanding our use case: we invite people who don’t necessarily use Google, and we want them to be able to log in using passwordless, not password. It seems like currently we have no choice but to allow them to log in with a password.
Hi, @dan.woda
Please, are there any updates on this request?
We have a similar B2B SaaS/Organizations use case, where the default connection is Passwordless (email). Despite having only the email (passwordless) connection enabled, when I initiate an invitation through the API without specifying the connection, users are prompted to enter a password they won’t actually use. And if I explicitly specify the connection_id when generating the invite I get a 400 “Passwordless connections are not supported” error. I am puzzled that the invitation isn’t seamlessly working for the Passwordless connection.
Could you please provide an update on when this issue will be addressed?
Hi. Is there any real way to actually use Passwordless with Organizations? We cannot use “Membership on signup”, because that would defeat the purpose of having Organizations, but yet we cannot create new passwordless members since this thread highlights the 400 error that is thrown on the API, so the feature seems entirely unusable at this time.
I’m not sure what you mean by “passwordless”, but I managed to send an invitation link with google_oauth inside an organization. You have to create an endpoint inside your app to redirect to the /authorize URL.
By passwordless, do you mean a magic link like Slack does?
Pretty silly that we can enable passwordless email connection for an org, disable user/pass connection (and have the database auth have new signups disabled), and yet the org invite flow still shows the user/pass signup and allows new signups via this method…this is poor design and completely renders passwordless connection useless for orgs.
I don’t understand. How is Passwordless for Organizations not supported? Did it not make it to GA? Why does the pricing page show passwordless available for B2B plans? What good is passwordless for B2B without support for organizations?