Better way for invited users to Create A Password

Softr’s solution for this scenario is incomplete

For invited users, Softr suggests using the ‘User Profile’ block to create a password. Unfortunately the user journey is confusing and inappropriate with this block, because it is not designed for on-boarding new users. In fact, Softr’s docs say that once the user enters the app from a magic link they can change their password later, but there is no mention of how or what that configuration looks like.

For instance, when an invited user lands on a ‘User profile’ block to create a password, the ‘Old password’ field is still there. Invited users have never created a password up to this point in the user journey.

Screenshot 2024-01-08 10.33.38 AM312×634 23.6 KB

Please deploy a solution that takes into account password creation for invited users. Until this happens, I’m afraid the recommended solution may cause unnecessary friction for new users and is therefore insufficient for on-boarding.

Hi @Ben currently old password field is there but disabled If you are logged in with a magic link. However, the code that I provided here Remove old password field from User Profile block (use case: users are initially invited with magic links) - #3 by Maria hides that too.
You can set page after Sign up directly on the block to redirect them to User Profile block page after they signed up so that they can set the password.
Another option would be using Forgot password and Reset Password blocks

I will make sure to add it as a help doc improvement request so that the whole process is clear

Thanks for the directions @Maria. What you described is what I had intended for on-boarding users. However, if the code doesn’t work over time, which is what happened, it is a problem. So rather than rely on a workaround for this critical part of the user journey, why not provide a better solution?

If implementing a solution is dependent on the demand for it, perhaps the lack of adoption of the User Profile block for on-boarding is because it is not an ideal block for this scenario in the first place. I have ideas for improving this scenario so builders can have the capacity to on-board invited users effectively. Please let me know if you’re interested.

I’m really hoping Softr takes another look at the entire user auth process. There’s no native 2FA option so if I wanted to implement that today (a lot of our large clients require it) I would have to use an external SSO provider.

We also have no way to set the session expiry policies.

I was told that after 30-90 days, logged in users are automatically logged out.
I haven’t used this, since I’m not having much luck with the durability of custom codes, but this was also suggested for inactive users:

Thanks @Ben

That thread provides an okay workaround for now, but its only clearing the jwt rather than invalidating it completely. The jwt would remain valid when used against Softr’s validation endpoint.

We are reworking the entire flow. Expect a lot of improvements to happen end of this quarter or next one…

What do we do in the meantime, considering this and related posts then?

you import them with their email address, and then direct them to the reset/forgot password page. tell your user to click the reset password using their email address on file and it will send them an email with a link to set a new/current password. that’s what we did.

This is what I’m doing today. We use a custom welcome email, which gets sent out via Zapier with a link.

Sounds like it will work amira, for “imported” users. Invited users, from Softr’s invite email, would land on your “forgot” password page from their email, only to be redirected back to their email, to then link back to the “Reset” password page. That’s a lot of redirection.

Right @nocodeking. 3rd party integrators seem to be the only effective way to onboard users, which to my point, defeats the purpose of Softr’s invitations.