Auth0 console says email is verified, but auth0 user in app says email_verified = false

Has anyone run into this before?

Edit: if I logout and login, my email is verified.

So maybe some kind of caching issue

Hi Anthony,

Welcome to the Auth0 Community.

How are you checking that email_verified is true or false on your application?

I’m wondering if the problem here is that you are looking at the id_token that you grabbed when you logged into your application. That would explain why the email_verified value is not updated and why it gets updated after a log out and log in process.

Have you tried calling /userinfo from your application after verifying the user’s account?

@Ale

We attach the accessToken to our HTTP request (GraphQL) and then the backend uses that to get the user info.

We use the @auth0/nextjs-auth0 “getSession” function to get the access token.

I would think every new HTTP request should grab the latest session. So either Auth0 isn’t giving us the latest session, or there is some kind of Cloudflare caching issue?

This sounds pretty similar to the issue I’m having

and here

I guess we need to integrate with the management api and rely on that instead of using the decoded token?

@accountsjs.com you might be correct in your hypothesis:

I didn’t have the time to test this but after taking a look at nextjs-auth0/V1_MIGRATION_GUIDE.md at main · auth0/nextjs-auth0 · GitHub and also session/get-session | @auth0/nextjs-auth0 I think that there might be a problem with the getSession function you are using. It uses a cache system that might not be updating correctly.

The nextjs-auth0 SDK has been developed very recently so there’s the possibility of bugs like this one. Actually, I found a potentially related and reported bug: Refetch additional user informations from the backend · Issue #316 · auth0/nextjs-auth0 · GitHub

I encourage you to report this directly on the repo: Issues · auth0/nextjs-auth0 · GitHub

You could work around this issue by calling our Authentication API Explorer directly (preferred method since you should already have an Access Token if I understood correctly) or via our Auth0 Management API v2.

Let me know if all this makes any sense.

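As an added example (not code from this thread or from the nextjs-auth0 SDK), here is one way a backend could follow the /userinfo suggestion above before gating anything on email verification: ask Auth0 for the current profile and fail closed when the call cannot be trusted. The function name, the injected `fetchImpl`, the tenant domain and the sample users are assumptions, and the access token is assumed to carry the `openid email` scopes.

```javascript
// Added example. checkEmailVerified, fakeFetch, the domain and the sample
// users are illustrative assumptions, not part of the SDK or the thread.

// Ask /userinfo for the current profile instead of trusting the
// email_verified claim that was cached in the session at login time.
async function checkEmailVerified({ domain, accessToken, sessionUser, fetchImpl = globalThis.fetch }) {
  const cached = sessionUser?.email_verified === true;
  const deny = (reason) => ({ verified: false, source: "error", stale: false, reason });
  let res;
  try {
    res = await fetchImpl(`https://${domain}/userinfo`, {
      headers: { Authorization: `Bearer ${accessToken}` },
    });
  } catch (err) {
    // Network failure: fail closed rather than fall back to the cached claim.
    return deny(String(err && err.message ? err.message : err));
  }
  if (!res.ok) {
    // e.g. 401 (expired or invalid token) or 429 (rate limited).
    return deny(`userinfo HTTP ${res.status}`);
  }
  const profile = await res.json();
  // Never apply one user's profile to another user's session.
  if (sessionUser?.sub && profile.sub !== sessionUser.sub) {
    return deny("sub mismatch");
  }
  // Strict comparison: a string "true" is not accepted as verified.
  const fresh = profile.email_verified === true;
  return { verified: fresh, source: "userinfo", stale: fresh !== cached, reason: null };
}

// Constructed stand-in for the HTTP call so the example runs offline.
const fakeFetch = (status, body) => async () => ({
  ok: status === 200,
  status,
  json: async () => body,
});

// Constructed session: logged in before the email was verified.
const staleSession = { sub: "auth0|abc123", email_verified: false };

checkEmailVerified({
  domain: "tenant.example.com",
  accessToken: "constructed-token",
  sessionUser: staleSession,
  fetchImpl: fakeFetch(200, { sub: "auth0|abc123", email_verified: true }),
}).then((result) => console.log(result));
```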

Thanks for taking time to research this.

Found this as well

