For the record, here's how I was able to implement an "by invitation only" registration form.
Assuming that the user received an email with a link of form http://.../default/user/register?token=sfaasdfasfa, and assuming I have defined a db table 'registrant' associating a token with a name and email, here's the bare-bones functionality, where the user sees a registration form with his name and email pre-filled out (and not editable), and he can pick a password. Note that to get web2py's Auth() class to do it's registration things (use all the settings to encrypt passwords, insert new user in database, send email verification email, etc), this has to be done at http://..../user/register def user(): if request.args(0)=='register': form=auth.register() registrant = db( db.registrant.token == request.vars.token ).select().first() form.element(_name='first_name').update(_value=registrant.first_name) form.element(_name='last_name').update(_value=registrant.last_name) form.element(_name='email').update(_value=registrant.email) form.element(_name='first_name')['_readonly']=True form.element(_name='last_name')['_readonly']=True form.element(_name='email')['_readonly']=True return dict(form=form) Quite short and sweet, once you figure it out :) Thanks for everybody's help!!! L.