Custom Signup Form in a B2C SPA

Hi everyone,

I am currently trying to implement a signup / registration flow for a consumer-facing web application based on React, which uses okta-auth-js to allow a custom login form.

In my experience, the following flow for user registration (signup) is pretty standard for SaaS products, yet I can’t seem to figure out how to implement it with Okta, given that I do not want to make use of the Okta-hosted signup form.

The flow should be as follows:

1. User visits the custom signup page in our SPA, is asked for a (primary) email and a password.
2. The user clicks “signup”, my SPA issues a request to our backend API, which in turn uses a private token to authorize requests to Okta’s REST API. It uses the Okta REST API to create the user within Okta using this endpoint: https://developer.okta.com/docs/reference/api/users/#create-user-with-password and the “activate” parameter set to false. In the frontend, the user is now prompted to check his/her inbox for an activation email.

From here, the flow deviates from my expectation:

Ideally:
3. The user finds an activation email in his/her inbox, clicks a link contained in it and is redirected to our app, where he can now sign in with the credentials provided in 1.

Actual:
3. The user never receives any activation email (as stated in the documentation of the endpoint).

Questions:

  1. Is it at all possible to build a fully custom customer signup experience using the Okta REST API that avoids sending the user to the Okta-hosted pages?

  2. Do I need to implement my own activation-email flow in this case?

Now I am aware that I could use another endpoint of the API to create the user without credentials, but the activation email sent with that takes the user again back to the Okta-hosted “specify password / recovery question” screens, which I’d like to avoid.

Thanks in advance 🙂

Yes, you may need to send your own crafted “activation” emails which will have a link to your hosted app instead. And “yes” to your first question.

Hi Phi1ipp,

We were hoping to avoid implementing any of these account activation flows, but if that’s what it takes to get a signup experience that aligns with customer expectations, so be it 🙂

I’m surprised the flow described above isn’t supported using the Okta REST API though. Maybe our perception of a “standard” flow is not so standard after all. How do you people handle signups in your apps?

At least there is some clarity now. Thanks for the reply.

Best regards.

Whatever you may build with the REST API will still use Okta templates, which you can modify to some degree. I once built what you are looking for (if I understood correctly) by dirty-hacking email templates. You can try to modify your activation email template to substitute the token with https://your.site.com?{{token}} 🙂 That will send a user to your site with the activation token.
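
For the self-sent activation email suggested in the replies, the link has to carry a token the backend can verify before it activates the account. The following is an added example, not code from the thread or from Okta: an HMAC-signed, expiring token bound to the user id returned by the create-user call. The function names, the 24-hour lifetime and the link URL are assumptions.

```javascript
const nodeCrypto = require("crypto");

// Assumption: in production the key is loaded from a secret store, not generated per process.
const ACTIVATION_KEY = nodeCrypto.randomBytes(32);
const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // assumed validity window

const b64url = (data) => Buffer.from(data).toString("base64url");

function sign(payload, key) {
  return nodeCrypto.createHmac("sha256", key).update(payload).digest();
}

// Mint a token bound to the user id (hypothetical helper name).
function mintActivationToken(userId, now = Date.now(), key = ACTIVATION_KEY) {
  const payload = b64url(JSON.stringify({ uid: userId, exp: now + TOKEN_TTL_MS }));
  return `${payload}.${b64url(sign(payload, key))}`;
}

// Returns the user id if the token is authentic and unexpired, otherwise null.
function verifyActivationToken(token, now = Date.now(), key = ACTIVATION_KEY) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = sign(payload, key);
  const given = Buffer.from(mac, "base64url");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.uid !== "string" || typeof claims.exp !== "number") return null;
  return now < claims.exp ? claims.uid : null;
}

// Build the link for the self-sent email; baseUrl is a placeholder for the app's own route.
function activationLink(baseUrl, token) {
  const url = new URL(baseUrl);
  url.searchParams.set("token", token);
  return url.toString();
}
```

The token is stateless, so the backend should only activate a user whose Okta status is still STAGED; a replayed link then has nothing left to do.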