Use an invite code to bypass new user approval?

Yes, admin can create (generate) several invitation-keys (invite tokens).

No invite tokens are not linked/restricted to an email. While redeeming/accepting the invitation user has ability to provide email and choose username.


I followed the plugin discussion, and seems to me the plugin is not doing much in the favor of a simpler invitation process to be used in conference cases:

What this particular use case is reusable invites perhaps with a limited time frame. Then you could flash your url on a slide and people could copy it and do what you want.

The other solution is to allow users to request accounts, but that won’t give users credit for the invites.

OMG @codinghorror , I am needing this so much today.

I need to invite 50 people to a forum, I do not have their emails, I just want to share a code in a whatsapp group and have them all join.

As it stands there is absolutely no clean way of doing this. Since this is rather urgent for me I will hack something rudimentary up today.

I am thinking

requires approval : true
auto approve code : default empty, if anything on signeup user is prompted to enter approval code, if it matches, user is auto approved

This means I can share that 12345abc is the approval code to the forum on my whatsapp group and people can share within the circle. Once forum is seeded with enough users it can move to the more secure / controlled manner.

This is not about credit in my mind, far more about being able to semi securely seed a forum with lots of users quickly from another medium.


So this is about invite only / all users must be approved by staff sites? The title of this topic is badly broken if so, let me fix that now.

I don’t have any objection to this in terms of bypassing invite / approvals.


OMG indeed! I don’t know how it’s taken this long to explain this to you guys. It was a problem for me from my very first time using Discourse five years ago. I don’t know if I posted about it then, but I have seen this question a bunch of times since then. I needed it again for a client last fall and I didn’t bother to ask.

It’s great that this will get solved!


You didn’t address the topic at all, though.

In order to join any Discourse instance ever created, users must have an email address. How else can users create a Discourse account? Via passenger pigeon? Telegraph? Smoke signals? Fax machines? :bird:

This is explicitly about sites with “staff must approve all new users” set. It’s a really narrow condition, since I view the Discourse default in the wild as open user signup …

I’m sure that I’ve seen the exact example that Sam just described multiple times. You have a community that you want mostly private. You don’t know people’s email addresses,but have some other way to communicate with them.

I know I’ve used the example of wanting to invite people to join a private forum at a conference by sharing a URL and a code or password on a slide as an example.

Yes, it’s is an edge case.


Try re-reading the first post which mentions none of this.

Generally all you need to do is say “go to and sign up!”

This certainly addresses the OP, longer term we can make this per user if this takes off but for now a single code will do.


I cannot really support this unless the code grants the new user a free staff approval. Otherwise it feels a bit… insane and totally random?

1 Like

The idea is that this feature is used instead of staff approval. (it could be used if you also were concerned that lots of bots would request accounts, but that does seem unlikely)

Replace “username” in the OP with “invite token”. Does that make sense?

No, because the first post :arrow_up: in this topic was about users signing up with no email address at all.

How can such a user, with no email, ever reset their password, for example? Or even confirm their signup as valid?

I was the one who fixed the topic title, check edit history on that first post.

1 Like

That’s not the way I read it. It’s not that the users don’t have email addresses but that they have email addresses that I don’t have to be able to invite them.

1 Like

You don’t need their email addresses, just put the URL in front of them, via whatever means you are (somehow?) communicating with them?

I could see an invite code being seen as more personal which is good for community. It could also be associated with automatic group membership too for sites with premium sections.


Right but we already have personal invites which convey a TL bump when that person signs up:

I support this as a way of bypassing new user approval (for approval required sites) and maybe even granting special group membership but as a super suuuuper janky low-end form of http auth password… not so much? :thinking:

I can also support it as “generate a generic https link that will make the new user signup show up as as someone I invited” as well.

But as a form of weirdo old school 2001 “enter the sekrit HTTP username/pass to access this website” … I really just cannot support this, as stated. I’m sorry, but I can’t. That’d be going actively backwards.


But you don’t want everyone in the world who stumbles on the site to be able to register.

1 Like

Let’s merge the discussions to here Optional global invite code