User invitations using the change password flow

ddegroot1985 · February 20, 2024, 7:35am

We are trying to create a flow where our system prepares a user account and then sends out an invitation email so that the user can verify their email and set a password. For this I have found the following article: https://auth0.com/docs/customize/email/send-email-invitations-for-application-signup

I am using the C# libraries to do this Auth0.AuthenticationApi and Auth0.ManagementApi

The documentation (the article linked above) tells me to do the following:

Create a user
Create a password change ticket
Modify the email template

The documentation is not clear on how to actually send the email. Creating a ticket by itself does not send any emails and I can not find an endpoint to send the change password email manually based on the created ticket. I have found another endpoint where you can initiate a change password flow without creating a ticket: https://auth0.com/docs/api/authentication#change-password

However, doing it that way I have less options available to me, it is for example not possible to set a return url (ResultUrl).

My question is, how do I send an email based on the auth0 change password template using the url from the ticket?

    public async Task<(Result Result, string UserId)> CreateUserAsync(string email)
    {
        var authClient = new AuthenticationApiClient(_auth0Config.Domain);
        var tokenResponse = await authClient.GetTokenAsync(new ClientCredentialsTokenRequest
        {
            ClientId = _auth0Config.Management.ClientId,
            ClientSecret = _auth0Config.Management.ClientSecret,
            Audience = _auth0Config.ManagementBaseUri,
        });

        var managementClient = new ManagementApiClient(tokenResponse.AccessToken, _auth0Config.Domain);

        // Create new user
        var newUser = await managementClient.Users.CreateAsync(new UserCreateRequest
        {
            Email = email,
            Connection = "Username-Password-Authentication",
            Password = RandomStringGenerator.Generate(16),
            EmailVerified = false,
            VerifyEmail = false
        });

        // This works but we can not specify a ResultUrl :(
        /*
        await authClient.ChangePasswordAsync(new ChangePasswordRequest
        {
            ClientId = _auth0Config.Management.ClientId,
            Connection = "Username-Password-Authentication",
            Email = email,
        });
        */

        var ticket = await managementClient.Tickets.CreatePasswordChangeTicketAsync(new PasswordChangeTicketRequest
        {
            UserId = newUser.UserId,
            ResultUrl = _appConfig.AppUrl
        });

        // How do send an email using the ticket url (ticket.Value)?

        return (Result.Success(), newUser.UserId);
    }

yuramag · October 20, 2024, 3:25pm

I understand that user invitation is a common functionality, and I believe many users would benefit from a simpler implementation process within Auth0.

While I appreciate the documentation on sending email invitations for application signup (Send Email Invitations for Application Signup), I found it challenging to follow the steps for sending the actual invitation email after generating the password change ticket.

Here’s what could be helpful:

Clearer explanation: Perhaps an additional step-by-step guide could be added to the documentation specifically focused on sending the invitation email with the password change ticket link.
Code example: Including a code snippet demonstrating how to integrate this process with an application would further illustrate the concept.
Community feedback: It seems like others in the community are facing similar challenges based on the forum discussions. Highlighting successful implementation stories from other users could also be valuable.

By incorporating these suggestions, I believe the documentation would be more user-friendly and empower users to implement user invitations effectively.

peter.fernandez · October 22, 2024, 3:59pm

Folks

I appreciate this thread has been somewhat “lingering” for a while, but I recently came across this and just thought I’d hop on to share some additional information/context - primarily in light of some of the comments mentioned here…and also for folks who might come across this thread in the future

During our dev_day event this year, we introduced a Lab detailing a mechanism for folks to implement invitation-based workflow using the out-of-the-box Auth0 Organizations feature. Primarily a feature supporting B2B SaaS, the Organizations capability in Auth0 can also be used to implement invites in a B2C context, and leverages much of the Auth0 platform functionality that comes as standard. For more details, take a look at the Implement an Invite Workflow With Auth0 Organizations, and feel free to provide feedback as we’re always looking to improve the functionality the platform offers

Hope this helps

Topic		Replies	Views
Auth0 Invite User Help management-api , users	2	1663	March 4, 2023
Welcome Email -> Password Change Help	3	4273	February 22, 2022
Get Password Change Ticket URL into Password Change email template Help emails , management-api	0	1286	April 9, 2023
Create New User & Send email for changing password - HELP with ManagementAPI Help auth0 , management-api , login	0	3469	October 8, 2019
Ambiguity in "Send Email Invitations for Application Signup" docs Help	9	2880	June 29, 2023

User invitations using the change password flow

Related Topics