Hello and welcome!
phx_gen_auth is meant to give you the bare minimum needed to get going with auth. If you are looking for more fully-featured auth, you can look at Pow, although its LiveView support isn’t all there yet; it’s coming.
Otherwise, I recently did what you’re describing in phx_gen_auth by repurposing the reset password form and the confirmation token. I did the following:
- Removed the registration form and anything related to it
- Added a user creation form to my admin area which:
  - sets a long random password with `:crypto.strong_rand_bytes/1`
  - sends the user their confirmation email with the token link
- Changed the confirmation page to display the reset password form and only mark the user as confirmed when they have set their new password.
- Ensured users can’t log in until they have been confirmed (this is not done by default by the generator)

One gotcha is that if you generated auth using LiveView and you want to auto-login the user after they have set their new password, the confirmation page should use a controller, not a LiveView. This is because you can’t set session data over websockets.

I know other people around here have taken similar approaches if you search around. If you choose to go this route then I’d be happy to try and answer any questions!
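
The invite flow described in the post above, as an added sketch that is neither the poster's code nor what the generator produces. `InviteSketch`, its functions, the in-memory user map and the 12-character minimum are assumptions, and PBKDF2 from `:crypto` stands in for whatever password hashing library the generated app uses.

```elixir
# Added sketch, not phx_gen_auth's generated code: InviteSketch and its functions
# are hypothetical, users live in a plain map, and PBKDF2 from :crypto (OTP 25+)
# stands in for the password hashing library the generator configured.
defmodule InviteSketch do
  defp rand, do: :crypto.strong_rand_bytes(32)
  defp hash(password, salt), do: :crypto.pbkdf2_hmac(:sha256, password, salt, 100_000, 32)

  # Admin creates the account: unguessable placeholder password, unconfirmed,
  # and a one-time token of which only the SHA-256 hash is stored.
  def invite(users, email) do
    {token, salt} = {rand(), rand()}
    # Raw random bytes are not valid UTF-8, so encode them before use as a password.
    placeholder = Base.url_encode64(rand(), padding: false)
    user = %{email: email, salt: salt, password_hash: hash(placeholder, salt),
             token_hash: :crypto.hash(:sha256, token), confirmed_at: nil}
    {Map.put(users, email, user), Base.url_encode64(token, padding: false)}
  end

  # The confirmation link shows the reset-password form; the user is marked
  # confirmed only in the same step that stores the password they chose.
  def accept(users, url_token, new_password) do
    with {:ok, token} <- Base.url_decode64(url_token, padding: false),
         hashed = :crypto.hash(:sha256, token),
         {email, user} <- Enum.find(users, fn {_, u} -> u.token_hash == hashed end),
         true <- String.length(new_password) >= 12 do
      user = %{user | password_hash: hash(new_password, user.salt),
                      token_hash: nil, confirmed_at: DateTime.utc_now()}
      {:ok, Map.put(users, email, user)}
    else
      _ -> :error
    end
  end

  # Login gate: a matching password is not enough while confirmed_at is nil.
  def login(users, email, password) do
    case users[email] do
      %{confirmed_at: %DateTime{}} = u ->
        if :crypto.hash_equals(hash(password, u.salt), u.password_hash), do: {:ok, email}, else: :error
      _ -> :error
    end
  end
end

# Constructed walk-through; each match raises if the flow misbehaves.
{users, link_token} = InviteSketch.invite(%{}, "new.user@example.com")
:error = InviteSketch.login(users, "new.user@example.com", "any guess at all")
{:ok, users} = InviteSketch.accept(users, link_token, "a chosen long password")
{:ok, _} = InviteSketch.login(users, "new.user@example.com", "a chosen long password")
:error = InviteSketch.accept(users, link_token, "reusing the old link")
```

In a real app the map becomes the Ecto `users` and tokens tables, and the session for auto-login is set in the controller action that handles `accept`.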