How to create stormpath user without password?


Some users of our application are admins. We want to give them the capability to create new users. We are thinking about the following flow:

  1. The admin goes to the "Users" page, clicks a "create a new user" button and fills in the new user's name and email address.
  2. That new user retrieves an email with an acknowledgement that a user was created in our application.
  3. The user clicks a link from the email body, proceeds to the "Set password" page and specifies his password.

Is it possible to achieve such a flow with angular + express? Are there any other possible flows which can be achieved?

1

There is 1 answer

0
robertjd On

You can create an invite-based flow, but you'll have to do some custom work with our libraries.

You'll need to work with the Stormpath Client and Stormpath Application directly; these are provided by the Stormpath Node SDK. Inside of your Express middleware, retrieve the client with:

var stormpathClient = req.app.get('stormpathClient')

and the application with:

var stormpathApplication = req.app.get('stormpathApplication')

On the application, use stormpathApplication.createAccount() to create the user. When you pass the new account data, set the password to something that is very long, random, and un-guessable. If your Stormpath directory has email verification enabled, the user will get an invite email. That email should link them into your Angular application, to a custom view which will read the email verification token from the URL and post it to a custom middleware on your server. This middleware will need to use stormpathClient.verifyAccountEmail() to verify the token.

Then you can collect a new password for the user, and save it by setting req.user.password='new password', then calling req.user.save().

Hope this helps! I work at Stormpath and I am a maintainer of these libraries :)
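The account-creation step from the answer, as an added example that is not part of the original answer or of the Stormpath libraries: it generates the "very long, random, and un-guessable" placeholder password from the CSPRNG and passes it to `createAccount()` without exposing it anywhere else. `generatePlaceholderPassword` and `inviteUser` are hypothetical helper names, and the password policy in the comments (8 to 100 characters, one lowercase, one uppercase, one digit) is an assumption to check against your own directory settings.

```javascript
// Added example: invite-style account creation with a throwaway password.
const crypto = require('crypto');

// Assumed password policy (not from the page): 8-100 characters with at
// least one lowercase letter, one uppercase letter and one digit.
const MAX_PASSWORD_LENGTH = 100;

// 48 bytes from the CSPRNG = 384 bits of entropy, encoded as 64 base64 chars.
// The fixed "aA1" suffix only satisfies the character-class rules; the
// secrecy comes entirely from the random part.
function generatePlaceholderPassword() {
  const random = crypto.randomBytes(48).toString('base64');
  const password = random + 'aA1';
  if (password.length > MAX_PASSWORD_LENGTH) {
    throw new Error('placeholder password exceeds assumed policy length');
  }
  return password;
}

// Hypothetical helper. stormpathApplication is the object obtained with
// req.app.get('stormpathApplication'); only createAccount() is called on it.
function inviteUser(stormpathApplication, profile, callback) {
  const accountData = {
    givenName: profile.givenName,
    surname: profile.surname,
    email: profile.email,
    password: generatePlaceholderPassword() // never logged, stored or returned
  };
  stormpathApplication.createAccount(accountData, function (err, account) {
    if (err) return callback(err);
    // Hand only non-secret fields back to the admin-facing route.
    callback(null, { email: account.email, status: account.status });
  });
}
```

Call `inviteUser` only from a route that has already checked the caller is an admin, since it creates accounts on behalf of other people.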