Hi @jorge.vazquez,
Welcome to the Community!
Unfortunately, rules only run after successful authentication, and the email verification link will not authenticate the user. The most similar flow possible when forcing email verification would look like this:
- User signs up with database connection (email/password)
- User is redirected back to the app with an
unauthorized
error and shown a message that they must first verify their email address.- The rule will send the user back to your app with an error in the URL.
- Your app will use the error in the URL to display a user-friendly message.
- Force email verification example: Verify Emails using Auth0
- The user will verify their email address and they will click a button to go back to the app (you will need to configure an Application Login URI to show the button on the email verification page when using the New Universal Login)
- The user will have to log in again to be assigned the roles.
Related topic: