1

Our current user registration process is using Spring Boot, Spring Security ,Spring Security OAuth 2 and a React front end user interface.

We have a create user API which you pass a username, password, user contact details etc and it returns you the user profile object as well as the OAuth token. Once the user has registered, they are logged into the application automatically.

What we want to do is to send the user an activation code to their email/phone at the end of the registration process and they need to enter this code to complete their registration.

I see there is an Spring Security enabled flag. I can create the profile and set this to false. Once the user enters the correct code, I can set this to true. My only query is would I have to get the user to login again to get the oauth token?

I prefer not to use an activation email link as I don't want to open up new browser windows.

Any advice would be most welcome.

Swordfish
  • 1,127
  • 24
  • 46
  • 1
    I guess I could send the activation code to the user email address before the user is created. When I create the user, I can pass the activation code and validate it then. If all is OK return the user profile and OAuth token, automatically logging them into the application. Any issues with this approach? – Swordfish Aug 13 '19 at 10:49

0 Answers0