User invitations using the change password flow

ddegroot1985 · February 20, 2024, 7:35am

We are trying to create a flow where our system prepares a user account and then sends out an invitation email so that the user can verify their email and set a password. For this I have found the following article: https://auth0.com/docs/customize/email/send-email-invitations-for-application-signup

I am using the C# libraries to do this Auth0.AuthenticationApi and Auth0.ManagementApi

The documentation (the article linked above) tells me to do the following:

Create a user
Create a password change ticket
Modify the email template

The documentation is not clear on how to actually send the email. Creating a ticket by itself does not send any emails and I can not find an endpoint to send the change password email manually based on the created ticket. I have found another endpoint where you can initiate a change password flow without creating a ticket: https://auth0.com/docs/api/authentication#change-password

However, doing it that way I have less options available to me, it is for example not possible to set a return url (ResultUrl).

My question is, how do I send an email based on the auth0 change password template using the url from the ticket?

    public async Task<(Result Result, string UserId)> CreateUserAsync(string email)
    {
        var authClient = new AuthenticationApiClient(_auth0Config.Domain);
        var tokenResponse = await authClient.GetTokenAsync(new ClientCredentialsTokenRequest
        {
            ClientId = _auth0Config.Management.ClientId,
            ClientSecret = _auth0Config.Management.ClientSecret,
            Audience = _auth0Config.ManagementBaseUri,
        });

        var managementClient = new ManagementApiClient(tokenResponse.AccessToken, _auth0Config.Domain);

        // Create new user
        var newUser = await managementClient.Users.CreateAsync(new UserCreateRequest
        {
            Email = email,
            Connection = "Username-Password-Authentication",
            Password = RandomStringGenerator.Generate(16),
            EmailVerified = false,
            VerifyEmail = false
        });

        // This works but we can not specify a ResultUrl :(
        /*
        await authClient.ChangePasswordAsync(new ChangePasswordRequest
        {
            ClientId = _auth0Config.Management.ClientId,
            Connection = "Username-Password-Authentication",
            Email = email,
        });
        */

        var ticket = await managementClient.Tickets.CreatePasswordChangeTicketAsync(new PasswordChangeTicketRequest
        {
            UserId = newUser.UserId,
            ResultUrl = _appConfig.AppUrl
        });

        // How do send an email using the ticket url (ticket.Value)?

        return (Result.Success(), newUser.UserId);
    }