invite user

Question

I have an app in which users are invited by an admin using an email now I m wondering Do I create the Supertokens user first and then invite the user to register for an account in my app Do I create an account in my app s database and then have the user signup using a special link to fill in his details for Supertokens What s the general way of going about something like this The user account will have to be coupled to a company for example

rp · Answer

> Do I create the Supertokens user first and then invite the user to register for an account in my app This is the easiest way We have a guide for it as well https supertokens com docs thirdpartyemailpassword common customizations disable sign up overview

miguelstevensbe · Answer

Hi < rp> thanks so I won t be using the EmailPassword recipe but the ThirdParty one

rp · Answer

you can use the email password one as well

rp · Answer

up to you

rp · Answer

essentially you have to white list the email ID somehow and then when they sign up check the whitelist to see if they can sign up

rp · Answer

or let them sign up but then have their app in a not approved state until you manually approve it

rp · Answer

different ways of implementing this Depends on the UX you want

miguelstevensbe · Answer

Okay and about the meta data is it worth saving data like the company id to which the user is invited into Supertokens or save all of this info in my own database I m not sure what the most common way is Which related data do you keep in Supertokens and which one in my own app

rp · Answer

you could store in user metadata as long as you want to fetch that info based on user id For example if you want to get all users in a company id then you should not use our metadata feature and instead just store in your own db

miguelstevensbe · Answer

Right good point Thanks a lot

miguelstevensbe · Answer

Hey < rp> I m sorry one more question I m not sure if I should create a new thread for it but If I want to include my own custom data from my DB into the session do I fetch it in the `Session init ` override method `CreateNewSession` Is that the recommended way

rp · Answer

yes it is the best way Also questions on new topics should be in a new thread

miguelstevensbe · Answer

Good I ll remember thanks

miguelstevensbe · Answer

Hi < rp> I ve got a follow up question for the user invitation way of doing things so as you recommended I invite a user which creates a default user in supertokens with a hard coded password I create the user in my local db I then send a password reset link to that user so he can choose his password But I m wondering what if the invite has been revoked when the user sets his new password can I do a check in my local db to see if the invite is still valid Thanks

rp · Answer

yea you can To revoke an invite you can simply create a new password reset token for the user and then call the reset password function with the same hardcoded password This will revoke all the previously generated password reset tokens When the user clicks on the link and tries to enter their new password it will fail to verify the user s password reset token thereby preventing them from changing the password

miguelstevensbe · Answer

This does mean the user will still be around in the system shouldn t I delete the user better

rp · Answer

oh yea sure you can

rp · Answer

that would be better

miguelstevensbe · Answer

I will test and see what happens when a user that is deleted clicks the link in the email reset password

rp · Answer

cool

miguelstevensbe · Answer

Thanks a lot