I want new sign-ups to be authenticated to ensure they are giving a genuine email address, and not just spamming the system.
There have been previous chats about the lack of the feature that will enable authenticating through the given email address. I think this feature is still unavailable (as Softr feels most of their clients use the program for internal use and therefore are already authenticated).
Any other way to authenticate users who might not be using a gmail account?
Once a user signs up, they are “authenticated” no matter how they signed up (Gmail or not). So I would suggest you add visibility restrictions so only folks who are “signed in” can use your marketplace.
What I am looking for is this:
Person X signs up using an Outlook.com email. At the moment, they don’t have to give a real email address. As long as they remember the email and the PW, they can sign in.
What I want is that a message is sent to the email address they gave with a link to connect to complete the registration.
I think OpenID is a possibility but too expensive for a trial project like mine.
There was a discussion on this topic last year but I don’t see any active ones atm.
Hi @SenRath a simple workaround might be use magic link notifications. This way, if a user register with a non real email account, it won’t receive that email. If the email is real, then email notification will land into her/his inbox with a magic link (set per once-time, for instance) in order to create a personal password in their user account profile page.
They will get an email notification (Softr email account or custom domain of your app) available from notification templates in your app. You must to set up that magic link for one-time use only, or always valid. Then, users goes to account settings page in your app, to set up password. You may check documentation:
The sign up blocks already capture the user’s password. Disregarding that, after a user signs up with a sign up block, their info is stored in Softr’s Users table, Builder’s database users table, and the user is considered a logged in user. At that point, where is that user directed? To what page with what blocks?
The typical self sign up journey would have the user enter name, email, and password, which Softr’s sign up blocks capture. Why would they then need to be routed to an account page to “set up a password” again? Even if you redirected them after sign up to any page, the only block available that addresses passwords is the User Profile block, which is for changing existing passwords, not creating a new password, again, which the user has already done when signing up.
Not for public facing, self sign up @gfranco. There is no conventional AND secure way to sign up these kinds of users, at least with Softr’s Sign Up blocks.
Softr could start by simply adding the same functionality to their Sign Up blocks as their Sign In With Code blocks to validate new user email addresses, ensuring that whoever signs up, at least has access to the email address they enter into our sign up blocks.
This would create more value for Softr builders, who are now paying a premium for more users in their Softr Users Tables without any onboarding security improvements over the last two Softr price increases.