K
Kinde2mo ago
Yvens

What would be the most secure way to create invitation link for users to join an organizations ?

I'm using resend to send the invitation link (Nextjs app router SDK). The link should be created with the org_code. I would like to make it one-time use. Let me know if you have any other security concerns I should think about. I know that I may need to implement the thing or a part of it myself. I want to be sure that there isn't an other way already provided by Kinde. Thank you
2 Replies
Peteswah
Peteswah2mo ago
Hey @Yvens great question, there is no "best-practice" for this use-case right now. As long as the link is something like https://kinde.com/docs/developer-tools/nextjs-sdk/#sign-into-organizations
<LoginLink orgCode="org_7392cf35a1e">Login</LoginLink>

<a href="<your-site-url>/api/auth/login?org_code=org_123">Login to org</a>
<LoginLink orgCode="org_7392cf35a1e">Login</LoginLink>

<a href="<your-site-url>/api/auth/login?org_code=org_123">Login to org</a>
you should be alright
Kinde Docs
NextJS App Router SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
Yvens
Yvens2mo ago
Hello @Peter (Kinde) ! Ok thank you, but what would happen if a third party got the invitation link ? They would be able to sign up the organization too right ?