What triggers the sending of a User Invitation email?

Just for documentation purposes, I’ll quickly outline how I solved sending user invitation emails without using the organisation features.

The premisses for this solution:

  1. Users are not allowed to sign up them selves, they can only obtain an account by invitation.
  2. User / passwords are stored in a database.

The invitation workflow then looks like:

  1. Invite a user by creating a new user using the Management API https://auth0.com/docs/api/management/v2#!/Users/post_users endpoint, with email_verified set to false and a randomly generated password. This password will not be communicated to anyone and will never be used.
  2. Trigger an interactive password reset flow as described here (Change Users' Passwords), which means we send a request to the Authentication API Create a password endpoint.
  3. Auth0 will then send the Change Password email template. We adapted that template, both the subject and the body, in such a way that it will be an invitation email if the user email is not yet verified, and a normal password change email if that has been verified. The subject for example is:
    {% if user.email_verified %}Change password for{% else %}Welcome to{% endif %} {{ friendly_name }}
  4. If the user clicks the link in the email, the Password change page will be shown. One could customize that page as well, but we just customized the texts, such that they will both make sense for setting the password for the first time after an invitation as for resetting the password if the user had triggered the password reset flow him/herself.
  5. One the password has been set by the user, Auth0 will automatically set the email_verified property of the user to true and this invitation workflow can be considered done.
13 Likes