New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expiration of User Invitations #904
Comments
It sounds like what you want, is a new feature for "user invitations"? If so, perhaps we should rephrase the title of the issue. If you're looking expiration settings for existing workflows, that are found in the tenant settings. |
Thanks @robotdan, I have updated the language of the title to include "user invitations." Unfortunately I haven't found an existing workflow to expire the invitation. The closest workflow that I saw is for setting a time limit for the If I am missing something, please let me know. Thanks for responding to this issue. |
Another possible option for you would be to use email verification. When this is enabled, you can configure users that have not yet verified their email address to be deleted automatically. See Tenant > Email > Email verification > Delete unverified users. |
Thanks for the suggestion. This seems like it would work if we were having users do self sign up. In our case this probably wouldn't be optimal since we are having user admins invite their other users to our application. |
Closing this issue, as user invitations are not a feature of FusionAuth at this time. |
Expiration of User Invitations
Problem
FusionAuth doesn't have a built-in method for expiring invites. Currently the link sent in the invite expires, but the password can still be set using the reset password workflow.
There is no way to disambiguate the following errors returned from the forgot password API:
The workflow I would like to achieve in our application UI is the following (also outlined in the related forum post):
Solution
change-password
API when expired, return a specific error code for an expired invite.change-password
endpointAlternatives/workarounds
Custom code written by the customer, possibly as outlined here: https://fusionauth.io/community/forum/topic/330/is-it-possible-to-disable-two-factor-without-providing-the-two-factor-code
Additional context
This issue is discussed in a forum post: https://fusionauth.io/community/forum/topic/401/how-long-does-the-email-template-changepasswordid-id-last-before-it-expires-how-can-invitation-expiration-be-implemented
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
The text was updated successfully, but these errors were encountered: