I’m using okta-auth signIn() & session.setCookieAndRedirect() in my front-end client and OIDC on the back-end. I have a custom login form and I want to build a custom registration flow.
My user registration flow begins in a separate external e-commerce system that notifies me when a user has paid to gain access to my app with a secure transfer of the user’s email address and a few other optional things.
It seems like I should be able to create a user at the point of callback from the e-commerce system and notify the user via email to hit my custom activation page and create his own password to log in.
I’d like the flow to go something like this:
1. Create and activate the user when the e-commerce system tells me he paid
2. User clicks on activation link in the email
3. [Would like to end up on my activation page]
4. [Unsure what my activation page is supposed to do at this point]
What’s the safest way to go about doing this? How can I get my custom activationToken in the email? I have some brute-force thoughts in mind that all feel hacky and unsafe.
I would be very grateful for some guidance on this. Something tells me this should be easy, but I just can’t find the dang door!
I read that I can use the activationToken to create a custom activation link but I don’t know what to do with the link (#4 above): https://developer.okta.com/docs/api/resources/users#activate-user
In customizing the activation email template, I couldn’t find the variable that represents the activationToken: https://support.okta.com/help/Documentation/Knowledge_Article/Email-and-SMS-Options-1077615107