User accounts created in Decidim without going via Auth0

[RCheesley]

When we invite people as a private member on an assembly and they get an email, it seems like when they click through it's creating them an account in Decidim without going through our auth system (Auth0) to log in first.

So when they next come to log in (eg when they don't have the cookie set, I assume) it's like they can't log in, as the account is present in Decidim but not in Auth0 which is the only way that you can log into our instance.

This is my best interpretation of the situation based on several people today having this problem (it's the last day of voting in our election so naturally the entire world is panic-voting at the last minute!)

Users who had this issue:

Nickname: alanhartless, prateekjain

Neither had a user in Auth0 but their accounts were registered in Decidim.

[RCheesley]

There is no integration process with the invitation process and external authorisation providers currently.

Workaround:

1. Add text on invitation email to tell them to create an account with the email address for Auth0 before clicking on the link, or ping us to tell us if the account email is different
2. Raise it as a bug with Decidim for review

[RCheesley]

https://github.com/decidim/decidim/blob/v0.27.4/decidim-core/app/views/devise/mailer/invitation_instructions.html.erb email message is configured here. devise.mailer.invitation_instructions.hello as the variable email Use these terms to customise the email @RCheesley