https://supertokens.com/
Join Discord
Menu
Home
Archive
Is there documentation for how to create users without them signing up?
# support-questions-legacy
a
Is there documentation for how to create users without them signing up?
r
Hey! The recipe you are using has functions on the backend which can be used to create new users
@Al V
a
@Roy R @carlos.negron
The EmailPassword recipe?
r
Yea. It had a EmailPassword.signUp function
Which you can call with some random password. And then you can send the user a reset password link (which acts as their invite link).
a
Thanks, @rp_st
r
Hmmm, yeah, the signUp function just seems pretty geared towards a signup form.
I guess what I am going to be looking for early on is a way to insert a user.
As we are going to have clients with 0 users, and since we aren't a public system we won't have signup.
r
Well, for email password, you need to associate some password to a user at all times.
r
I guess I can just write a nicer wrapper around EmailPassword.signUp, though.
r
Wait. Are you talking about the frontend function for signup or backend?
r
Backend.
r
Right yea. That accepts an email and a password
What would a nicer version of that function be?
r
Well, it's just that the input to the function seems a bit tied to a form implementation.
As opposed to generic.
r
Hmm. Im not sure what a generic function would look like for this. Maybe some example?
r
Oh, that's easy:
Copy code
{
  "user": {
    "email": "x",
    "password": "x"
  }
}
Right, just passing through a user object.
r
As opposed to signUp(email, password)
r
I mean, I can do that, and then destructure that payload into a formField payload.
r
Right. So the formField payload is from the frontend SDK
The backend SDK, has EmailPassword.signUp(email, password)
r
Oh, sorry, I see, I was considering the api part of the backend.
r
Ah right yea. They API is formField based. Yea.
r
Ok, so the front-facing api is form-field notational, but the backend just has the sdk call which is simplified.
That works.
And we put in some kind of trash temporary password that is not usable for the first creation.
r
If you want to restrict end user sign ups, you want to disable that API and make your own which calls the backend SDK function. And probably guard that API with some admin key or something
r
nods
I may just make the signup api auth-required and then call it from within AWS.
r
Yea. That works too
And you want to override the signIn api to make sure to not allow use of the trash password
r
Just one follow up, is username - password supported via some means?
Perhaps I can actually use myusernamehere instead of an email, or is it validated?
r
You can change the validation logic of that and technically, you can pass the username as the email and it would work.
The only issue is that during reset password for example, how would you know their email id?
r
Yeah, doesn't really work well.
r
So you would want to store the username in your own db perhaps
And then you can ask the user to set a username somehow
And during sign in, you can override the api to check if the input is a username, and if it is, fetch the email from your db and then pass the entered password and email to supertokens to verify the credentials there.
That’s one flow that could work well
5 Views
PreviousNext
Powered by

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

Powered by