I enabled the database and users can now log in with username and password. Now, I would like them to verify the email before using my application.
As soon as they sign up, the verification email is sent and they can verify it. Everything is good that way.
What if this email is lost, removed or expired? To enforce the email verification, the user should have a way to ask for the verification email to be sent.
Is there a way to implement this from the UI? Where should I look at?
Thanks @moonkrj ! Still, I try to use that endpoint and I am unauthorized. If I use the access token, I get an Unathorized Error regarding a Bad Audience. My audiences are my custom API and /userinfo.
Would setting the client domain as an audience help? If so, how can it be done (or is it a good practice)?
The thing is that the token needs the update:users scope. You may receive a token with this scope using the request https://<tenantName>.auth0.com/oauth/token , however, it implies that client info will be visible (tried that with GitHub Projectdo my homework for me).