Question around Sign Up Authentication Flow

I am trying to implement the following setup using the NextJS SDK:

A. Login/Create Account Page - Magic Link via Email

  • Users are created as pending - until sign up is completed.

B. Upon a new Account, redirect to sign-up page which has the following:

  • First Name
  • Last Name
  • Mobile Number (to later authenticate with OTP)

The sign-up authentication is currently doing the following:

  1. Authenticating the magic link token
  2. Updating the user first name / last name to Stytch
  3. Sending the OTP to the mobile number on submission.

The problem with this setup is two things:

  1. As soon as the token is authenticated, the user is then changed from pending to active. Ideally I would only want this once the user details and mobile number have been confirmed.

  2. If for some reason the user then abandons the sign up and they attempt to login again, they are sent a login authentication flow rather than a sign-up authentication redirect, because the system now thinks they have been signed up when this isn’t the case.

I don’t think this setup seems unreasonable, so I’m just making sure I’m not missing anything as part of the sign-up authentication.

Hey David - thanks so much for posting!

User statuses are automatically updated via certain actions in the Stytch API, and reflect the Stytch API’s view of that User. Once a User completes an authentication flow, their status is automatically set to active - more on that in our documentation here.

> Ideally I would only want this once the user details and mobile number have been confirmed.

Are you looking to use user.status to gate/alter behavior in your application?

If so, one alternative in your current flow would be to inspect user.name.first_name, user.name.last_name, and user.phone_numbers to see whether the user has completed the full sign up flow, rather than relying on user.status.

> the user then abandons the sign up and they attempt to login again, they are sent a login authentication flow rather than a sign-up authentication redirect

This is correct; there is no way to explicitly change this behavior and force a sign-up template to be sent in this scenario, since the User object already exists within Stytch.

One potential alternative here would be to alter the signup flow such that:

  1. Users first enter their name, phone number, and email address.
  2. Your application calls Create User on the backend to create a User with all of these attributes, with create_user_as_pending: true.
  3. Your application then initiates an Email Magic Link and SMS OTP flow.

This way, if the user abandons the flow after step 2, there will still be a User object to capture the information they have already entered, but they will still be pending until they go through the login flow.

Do either of the workarounds mentioned above sound like they might work?
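The profile-completeness check suggested in the reply above, sketched as an added example (not code from the original thread or from Stytch). It assumes the User object carries the fields named in the reply and that each phone_numbers entry has a boolean `verified` flag; the route paths are hypothetical.

```javascript
// Decide the next step after magic-link authentication from the user's
// profile data, not from user.status (which is already "active" by then).
// Assumed shape: user.name.{first_name,last_name} and user.phone_numbers[]
// entries of the form { phone_number, verified }.

function nonEmpty(value) {
  return typeof value === "string" && value.trim().length > 0;
}

// Returns "collect_profile", "verify_phone" or "complete".
function signupStep(user) {
  const name = (user && user.name) || {};
  const phones = user && Array.isArray(user.phone_numbers) ? user.phone_numbers : [];

  if (!nonEmpty(name.first_name) || !nonEmpty(name.last_name) || phones.length === 0) {
    return "collect_profile";
  }
  // A number that was stored but never confirmed by OTP does not count.
  const hasVerifiedPhone = phones.some((p) => p && p.verified === true);
  return hasVerifiedPhone ? "complete" : "verify_phone";
}

// Hypothetical application routes for each step.
const ROUTES = {
  collect_profile: "/sign-up",
  verify_phone: "/sign-up/verify-phone",
  complete: "/dashboard",
};

function redirectFor(user) {
  return ROUTES[signupStep(user)];
}

// Constructed sample users. All are "active" because the magic link was
// authenticated, yet only the last one has finished sign-up.
const abandoned = { status: "active", name: { first_name: "", last_name: "" }, phone_numbers: [] };
const unverified = {
  status: "active",
  name: { first_name: "Ada", last_name: "Lovelace" },
  phone_numbers: [{ phone_number: "+15555550100", verified: false }],
};
const finished = {
  status: "active",
  name: { first_name: "Ada", last_name: "Lovelace" },
  phone_numbers: [{ phone_number: "+15555550100", verified: true }],
};

console.log(redirectFor(abandoned), redirectFor(unverified), redirectFor(finished));
```

Run the check server-side on the User fetched from the backend, so the redirect cannot be skipped by a client that edits its own state.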