Best Practice for Creating and Admin-Initiated User Creation Flow w/MFA #202
-
I'd like to support an administrative invitation flow in my application. Specifically:
I think I can do the first couple of steps with:
Is that right? And the recommended method of accomplishing this? Now starting on step 4, how can I require that they configure MFA as a requirement? Do I do a redirect to the Manage MFA endpoint in the routes if Note, since there's been some discussion of |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Yes, what you described sounds like a good approach to me 👍🏻 For requiring the user to configure MFA, Rodauth already provides It would definitely be useful to have a wiki page showing how to implement invites. Feel free to add one, the wiki is publicly editable 🙂 |
Beta Was this translation helpful? Give feedback.
Yes, what you described sounds like a good approach to me 👍🏻 For requiring the user to configure MFA, Rodauth already provides
#require_two_factor_setup
method for that, so you can callrodauth.require_two_factor_setup if rodauth.logged_in?
at the start of the request.It would definitely be useful to have a wiki page showing how to implement invites. Feel free to add one, the wiki is publicly editable 🙂