invite user
miguelstevensbe

04/17/2023, 11:34 AM
I have an app in which users are invited by an admin, using an email. Now I'm wondering:
- Do I create the Supertokens user first, and then invite the user to register for an account in my app?
- Do I create an account in my app's database, and then have the user sign up using a special link to fill in his details for Supertokens?

What's the general way of going about something like this? The user account will have to be coupled to a company, for example.
rp

04/17/2023, 11:40 AM
> Do I create the Supertokens user first, and then invite the user to register for an account in my app

This is the easiest way. We have a guide for it as well: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/disable-sign-up/overview
miguelstevensbe

04/17/2023, 11:41 AM
Hi @rp , thanks, so I won't be using the EmailPassword recipe, but the ThirdParty one?
rp

04/17/2023, 11:41 AM
you can use the email password one as well
up to you
essentially you have to white list the email ID somehow and then when they sign up, check the whitelist to see if they can sign up
or let them sign up, but then have their app in a "not approved" state, until you manually approve it.
different ways of implementing this. Depends on the UX you want
miguelstevensbe

04/17/2023, 11:46 AM
Okay, and about the meta data, is it worth saving data like the company_id to which the user is invited into Supertokens, or save all of this info in my own database. I'm not sure what the most common way is. Which related data do you keep in Supertokens and which one in my own app?
rp

04/17/2023, 11:49 AM
you could store in user metadata as long as you want to fetch that info based on user_id. For example, if you want to get all users in a company_id, then you should not use our metadata feature and instead just store in your own db
miguelstevensbe

04/17/2023, 11:50 AM
Right, good point! Thanks a lot.
Hey @rp I'm sorry, one more question, I'm not sure if I should create a new thread for it, but if I want to include my own custom data (from my DB) into the session, do I fetch it in the Session.init() override method: CreateNewSession? Is that the recommended way?
rp

04/17/2023, 2:58 PM
yes it is the best way. Also, questions on new topics should be in a new thread 🙂
miguelstevensbe

04/17/2023, 3:01 PM
Good! I'll remember, thanks
Hi @rp I've got a follow-up question for the user invitation way of doing things, so as you recommended:
- I invite a user, which creates a default user in supertokens with a hard-coded password
- I create the user in my local db
- I then send a password reset link to that user so he can choose his password

But I'm wondering, what if the invite has been revoked, when the user sets his new password, can I do a check in my local db to see if the invite is still valid? Thanks!
rp

04/18/2023, 3:39 PM
yea.. you can. To revoke an invite, you can simply create a new password reset token for the user and then call the reset password function with the same hardcoded password. This will revoke all the previously generated password reset tokens. When the user clicks on the link and tries to enter their new password, it will fail to verify the user's password reset token thereby preventing them from changing the password.
miguelstevensbe

04/18/2023, 3:40 PM
This does mean the user will still be around in the system, shouldn't I delete the user better?
rp

04/18/2023, 3:41 PM
oh yea.. sure you can.
that would be better.
miguelstevensbe

04/18/2023, 3:42 PM
I will test and see what happens when a user that is deleted clicks the link in the email reset password.
rp

04/18/2023, 3:44 PM
cool
miguelstevensbe

04/18/2023, 3:50 PM
Thanks a lot!