K
Kinde8mo ago
Yvens

What would be the most secure way to create invitation link for users to join an organizations ?

I'm using resend to send the invitation link (Nextjs app router SDK). The link should be created with the org_code. I would like to make it one-time use. Let me know if you have any other security concerns I should think about. I know that I may need to implement the thing or a part of it myself. I want to be sure that there isn't an other way already provided by Kinde. Thank you
4 Replies
Peteswah
Peteswah7mo ago
Hey @Yvens great question, there is no "best-practice" for this use-case right now. As long as the link is something like https://kinde.com/docs/developer-tools/nextjs-sdk/#sign-into-organizations 
<LoginLink orgCode="org_7392cf35a1e">Login</LoginLink>

<a href="<your-site-url>/api/auth/login?org_code=org_123">Login to org</a>
<LoginLink orgCode="org_7392cf35a1e">Login</LoginLink>

<a href="<your-site-url>/api/auth/login?org_code=org_123">Login to org</a>
you should be alright
Kinde Docs
NextJS App Router SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
Yvens
YvensOP7mo ago
Hello @Peter (Kinde) ! Ok thank you, but what would happen if a third party got the invitation link ? They would be able to sign up the organization too right ?
duro_ujec
duro_ujec3mo ago
As I understand, if the disable self-sign up is set AND the invited user is added in advance via API, then only the actually created users can login to the org.
Kinde docs
Manage user sign up to organizations
Our developer tools provide everything you need to get started with Kinde.
Peteswah
Peteswah3mo ago
^ That is a great idea
Want results from more Discord servers?
Add your server