Set-password / first access
/auth/set-password is the final screen of any invite — staff or
player, mass or individual. It asks for a password, validates it
(minimum 8 characters, not on a trivial list), and leaves the user
logged in to their portal.
How staff use it
Section titled “How staff use it”Access and permissions
Section titled “Access and permissions”Public, but requires the invite session to be active. If the link expired or was already used, the screen shows “Session expired. Request a new invitation link.”
User flow (3 steps)
Section titled “User flow (3 steps)”- Open the email link.
- Type your password twice (minimum 8 characters, avoid
obvious ones like
passwordor12345678). - You’re logged in automatically and land on your portal —
/playerfor players,/dashboardfor staff.
FAQ / edge cases
Section titled “FAQ / edge cases”- Password under 8 characters: rejected.
- Obvious password (short list of the most common ones): rejected with “Pick a less common password.”
- Expired link: the screen shows “Session expired. Request a new invitation link.” → you’ll have to ask the staff to invite you again.
How the player sees it
Section titled “How the player sees it”- They see two inputs (password + confirm) + submit button.
- After successful submit, they’re logged in and redirected to
/player. If they haven’t yet accepted the required terms, they’re shown before the portal. - Errors in plain language — no technical text.
Limitations / roadmap
Section titled “Limitations / roadmap”- If you forget your password later, use “Forgot password” on the login screen.