I could do with some help on implementation detail. I have an app where users of type “Manager” can register other users of type “Team member”.
From my client I am calling the Realm app register method (on a screen which can only be used by Managers to create their team members) but because I do not get back an id from the register method I am struggling to link the newly created team member with a custom data profile document.
Their email gets stuck in “pending” even though I have turned off “User Confirmation”. I turned off user confirmation because we trust the validity of the email in our process.
I don’t want them to have to log in to activate the account because some pre populated data by the Manager has to be filled into the profile document before the team member starts using the app.
What pattern can I use in this scenario? It’s really weird that user confirmation still traps emails in a pending state even if it’s turned off.
Functions don’t appear to have access to create users.
You’re correct that the user is pending until they log in for the first time.
You can have the Manager store data in a collection (along with the user’s new email address) and then use a trigger to setup the custom user data (using the data from that doc) when the employee logs in for the first time.
So I think I understand that. So the email address stored in the custom data doc is queried by the Trigger which checks for first time log in. That makes sense.
I had temporarily implemented a call to the admin API to create the user (the admin API doesn’t set them to pending, they are confirmed on create) but the way I had done it is to call the admin API from a function using an API key stored in secrets. It would have been good if API keys could
be scoped to specific things, in my case only allow user creation only.
But I think I will rip this out now in favour of what you suggest as I am not sure about how secure it is to call the the Admin create user API from a Function.