Powered by DjaoDjin. © 2025 All rights reserved. Legal.

The invite workflows

DjaoApp maintains two relationships to enable rule-based access control:

  • user to profile through roles
  • profile to profile through subscriptions

There are thus two workflows to enable users to access more features and/or data in an application. Both workflows can be initiated through either side of the relationship, emailing users to create an account if it does not yet exist on the platform.

Grant role

Profile Role Page
Profile Role Page
Related APIs

The grant workflow starts with giving a role to a user that is already registered, or inviting a user that doesn't have an account yet.

In both cases, an e-mail is sent to the user granted the role. That e-mail will either contain a magic link to accept the role, or it will be a simple notification that the role was granted. When the user receives a magic link, she will have to accept the role by pro-actively clicking on the link. The following table shows when a magic link or a simple notification is e-mailed based on the RoleDescription.skip_optin_on_grant field.

Double opt-in Skip opt-in
User already exists but has no relation to the profile Magic Link Notification
User already has a role on the profile Notification Notification
User already has a pending grant for a role on the profile Magic Link Notification
User has a pending request on the profile Notification Notification
User has not yet registered Magic Link Magic Link
Profile Role Page
Invite e-mail with magic link

When a role with skip_optin_on_grant is disabled, the user granted the role will have to accept it, by either clicking on a link in the grant e-mail, or on a Redirects to Profile Page.

In marketplace scenarios where there are lots of contributors with multiple e-mail addresses, you might want to let grantee accept a role through a different e-mail address (i.e. the primary one they registered with on the site). To that effect, anyone with the one-time magic link in a grant e-mail can use it to accept the role. So a user logged in with a different e-mail than the one they receive the grant on can connect their main account to that granted profile.

Implicit grants

To simplify on-boarding, after a user e-mail has been verified, implicit grants are created for personal profiles and profiles with which the user is matching an organization e-mail domain.

To enable implicit grants, one (and only one) role for the profile, or one global role must have an implicit_create_on_none field set to true.

Request role

User Accessible Page
Connected Profiles Page
Related APIs

A role on a profile is typically requested...

  • When the user explicitly request access to a profile through the Connected Profiles Page.
  • When the user is redirected to a page that requires a profile identifier, and no profile is provided (ex: on-boarding).

When a user visits one of these pages, each pending or implicit grant not specifically marked as double opt-in (i.e. skip_optin_on_grant field is enabled) are accepted automatically.

In case of redirects, if the authenticated user has a role on a single profile, the redirect is taking place automatically. In case user input is required, either a list of profile candidates to redirect to, or a form to create a new profile (or request access to an existing profile) is presented.

On-boarding and App redirects integration

After a user registers to the site (see The Authentication Workflow), or in all situations where an authenticated user has no role on a profile, they will be presented with the on-boarding workflow. As a result, the first step of the on-boarding workflow is best implemented in the Redirects to Profile Page in the HTML form element that creates a new profile.

There will be situations where you want to leverage DjaoApp redirects logic within your own application. Since DjaoApp and your application run in two separate service containers, You cannot do this binding at the source code level. What you need to do is use a URL on DjaoApp, specifying a URL pattern DjaoApp will redirect to after a profile has been selected, created, requested, etc.

App Redirect through DjaoApp redirect logic 
$ curl /users/roles/accept/?next=/app/:profile/

In the example above, DjaoApp will serve the redirect logic (i.e. /users/roles/accept/), then on completion, redirect to /app/:profile/, where :profile will be replaced by the actual profile slug.

If your application is implemented with the Django framework, djaodjin-deployutils provide mixins to simplify the integration. See below how to redirect from /app/ to /app/{profile}/ using DjaoApp redirect logic within your Django application.

urls.py 
from deployutils.apps.django.redirects import AccountRedirectView
...
urlpatterns = [
    path('app/<slug:profile>/', AppView.as_view(), name='app_profile'),
    path('app/', AccountRedirectView.as_view(pattern_name='app_profile'))
...

Grant subscription

Subscribers Page
Subscribers Page
Related APIs

A profile manager for a provider on the site can grant a subscription directly to a profile either through:

  • a plan subscribers page (Settings > Plans > click a plan title > Plan subscribers), or
  • the profile subscriptions page (Settings > Find and click profile > Subscriptions)

When granting a subscription, no payment is required until renewal at the end of the period. When the plan has a positive period amount, and the subscription auto-renew is enabled, the customer will be automatically billed at the end of the period. To prevent such surprises, a customer must opt-in the subscription that was granted by clicking a magic link in a subscription_grant_created notification e-mail.

To disable this behavior, and subscribe the profile without the customer being required to opt-in, set the plan skip_optin_on_grant to true.

When a plan is configured with skip_optin_on_grant to true, no notification is sent. This is useful for sites that manage access control through subscriptions, but otherwise do not want to expose members to the internal workflows of the business.

Request subscription

A profile requests a subscription through the checkout workflow. To skip the payment step in case of freemiums, enter zero for the plan period_amount.

In cases where there are a limited amount of space, or a provider needs to explicitly approve a subscription before it is active, set the plan optin_on_request to true.

Related APIs
Need help?
Contact us
Curious how it is built?
Visit us on GitHub