Users are added to the database without a password, as they are added by other users.
I’d like to ensure that whenever a user comes to our app, after logging in, they are presented with a Create Password page, if they do not have a password completed in the DB.
I could just have this as the page that the come to when they click the invitation link in the email, but I need to ensure that they cannot utilize any pages in the app until password is complete.
I’ve thought about creating another role for this, something like “subscriber-password-not-complete” but this is clunky.
I’ve also thought about using a workflow for every page that checks is password is complete, and then redirecting them to the Create Password screen, if not. But, that also takes up a lot of resources on ever single page load thats probably unnecessary.
Any ideas on the best way to do this?
I should also say that my users don’t always have a role, as there are some users without any role, and the roles are actually attached to an account.
Hi @kevinwasie,
Interesting use case. If I understand, users are created manually without any password. So, they sign in just with their email? Right?
Two options come to my mind:
You don’t consider these users as users. So, when they fill in their email, you redirect them to a sign-up page with their email prefilled and a password input. Then you add classic signup workflow on the front-end. On the back-end you edit the user instead of creating a new one.
You consider these users as users. Then, adding a role is the right option for me as you can use this role to prevent them from accessing other pages. Like this:
Specify where is the role key in the get me response. It has to come with the get me endpoint because this is the call the plugin will make before rendering each page. To make sure the user is allowed to access it.
Let me call 
