Has anyone ran into this before?
Edit: if I logout and login, my email is verified.
So maybe some kind of caching issue
Has anyone ran into this before?
Edit: if I logout and login, my email is verified.
So maybe some kind of caching issue
Hi Anthony,
Welcome to the Auth0 Community
How are you checking that email_verified is true or false on your application?
I’m wondering if the problem here is that you are looking at the id_token that you grabbed when you logged into your application. That would explain why the email_verified value is not updated and why it gets updated after a log out and log in process.
Have you tried calling /userinfo from your application after verifying the user’s account?
We attach the accessToken to our HTTP request (graphql) and then the backend uses that to get the user info
We use the @auth0/nextjs-auth0 “getSession” function to get the access token
I would think every new HTTP request should grab the latest session. So either auth0 isn’t giving us the latest session, or there is some kind of cloudflare caching issue?
This sounds pretty similar to the issue I’m having
and here
I guess we need to integrate with the management api and rely on that instead of using the decoded token?
@accountsjs.com you might be correct in your hypothesis:
I didn’t have the time to test this but after taking a look at https://github.com/auth0/nextjs-auth0/blob/main/V1_MIGRATION_GUIDE.md#getsession and also session/get-session | @auth0/nextjs-auth0 I think that there might be a problem with the getSession function you are using. It uses a cache system that might not be updating correctly.
The nextjs-auth0 SDK has been developed very recently so there’s the possibility of bugs like this one. Actually, I found a potentially related and reported bug: Refetch additional user informations from the backend · Issue #316 · auth0/nextjs-auth0 · GitHub
I encourage you to report this directly on the repo: Issues · auth0/nextjs-auth0 · GitHub
You could work around this issue by calling our https://auth0.com/docs/api/authentication#get-user-info directly (preferred method since you should already have an Access Token if I understood correctly) or via our Auth0 Management API v2
Let me know if all this makes any sense.
Thanks for taking time to research this.
Found this as well
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.