Auth0 Require Email Verification issues

mbh · September 12, 2023, 9:03am

Hi,

We use this Require Email Verification from Auth0 to ensure our users verify their e-mail before signing in. This offen gives a issue as the customers don’t seems to be looking on their mails before moving on.

The only information send back to us in the URL is “Access Denied” nothing more. So how can we inform our customers that they need to verify their email before moving on.?

This is the module we use : https://marketplace.auth0.com/integrations/auth-0-require-email-verification?tab=install

rueben.tiow · September 12, 2023, 8:24pm

Hi @mbh,

Welcome to the Auth0 Community!

I have just checked the Require Email Verification integration you shared and found, in the installation steps, it states that you should be able to configure the integration’s Error Message to set your preferred error_description.

However, when I tried to test this integration, I was not able to configure the integration’s error message.

Given that, I will let our Engineering teams know about this issue to have them look at this.

In the meantime, you could implement this Post-Login Action script as a workaround:

exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.email_verified) {
    api.access.deny(`Please verify your email before continuing.`);
  }
};

Please let me know if you have any questions.

Thanks,
Rueben

mbh · September 22, 2023, 5:36pm

The provided code here, don’t work.

rueben.tiow · September 22, 2023, 5:44pm

Hi @mbh,

I have just tested this on my end and can confirm that the provided code works.

See screenshot below:

Could you provide more details on the issue you are experiencing?

Thanks,
Rueben

mbh · September 22, 2023, 7:03pm

Sure the customers do still get the “access denied” even after i added the code and all.

rueben.tiow · September 22, 2023, 11:19pm

Hi @mbh,

Yes, they should see the URL structure that looks something like the following:

https://yourApp/callback?error=access_denied&error_description=%5Btest%5D%20force%20email%20verification%20action%20-%20Please%20verify%20your%20email%20address%20to%20continue%20to%Test%20Application&state=yourState

mbh · September 23, 2023, 8:55am

I see the url that is coming back is :
https://www.joybuggy.com/en/ checkout?error=access_denied&error_description=Access%20Denied&state=e4476cdd0693fc6cf823aa3dd9bfc141

Their are no more information then that. So it’s not really very usefull, when i go into the monitor part of auth0 i can see that the “issue” is that they has not yet verifyed their e-mail.

This “access denied” issue here is costing us a good amount of money ;(

mbh · September 23, 2023, 9:31am

Here is a user :

Raw data :

{
  "date": "2023-09-23T06:00:33.343Z",
  "type": "f",
  "description": "Access Denied",
  "connection_id": "",
  "client_id": "XX",
  "client_name": "Joybuggy.com Login",
  "ip": "XXX",
  "user_agent": "Firefox 117.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "state": "e4476cdd06dd9bfc141",
      "client_id": "XX",
      "redirect_uri": "https://www.joybuggy.com/en/checkout",
      "scope": "openid profile email",
      "response_mode": "query",
      "response_type": "code",
      "nonce": "0600d00c9f876a512f3181b43990e131",
      "code_challenge": "y9UiqJGbXO_nkrHjyFYJYO6dkEm2eXzq3Y2y3S64k5s",
      "code_challenge_method": "S256"
    },
    "error": {
      "message": "Access Denied",
      "oauthError": "access_denied",
      "type": "oauth-authorization"
    },
    "session_id": "8Bu8sWKttnUDr7m-EvgGvFsdpieLzFuh",
    "actions": {
      "executions": [
        "t2ajUYauRteGLll8MMb6DzIwMjMwOTIz"
      ]
    },
    "stats": {
      "loginsCount": 1
    }
  },
  "hostname": "joybuggy.eu.auth0.com",
  "user_id": "auth0|658589a0f1c7cd7706e",
  "user_name": "@.com",
  "audience": "https://joybuggy.eu.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "log_id": "90020230923060033408424000000000000001223372037860267257",
  "_id": "90020230923060033408424000000000000001223372037860267257",
  "isMobile": false,
  "id": "90020230923060033408424000000000000001223372037860267257"
}

Context data :

{
  "body": {},
  "qs": {
    "state": "xx",
    "client_id": "xx",
    "redirect_uri": "https://www.joybuggy.com/en/checkout",
    "scope": "openid profile email",
    "response_mode": "query",
    "response_type": "code",
    "nonce": "0600d00c9f876a512f3181b43990e131",
    "code_challenge": "y9UiqJGbXO_nkrHjyFYJYO6dkEm2eXzq3Y2y3S64k5s",
    "code_challenge_method": "S256"
  },
  "error": {
    "message": "Access Denied",
    "oauthError": "access_denied",
    "type": "oauth-authorization"
  },
  "session_id": "-",
  "actions": {
    "executions": [
      "t2ajUYauRteGLll8MMb6DzIwMjMwOTIz"
    ]
  },
  "stats": {
    "loginsCount": 1
  }
}

So why do i not get any error messages here on why the user is blocked??

As you see below here we have a good amount of “failed signups” without any information on why other then “access denied” - We can’t even see why, how shell the customer know or our customer support help the customers?

Below here are my settings, did i set it up wrongly?

rueben.tiow · September 25, 2023, 4:07pm

Hi @mbh,

The issue is happening because you have 2 redundant Actions that require users to verify their email before logging in.

Specifically, you need to remove the “Require Email Verification” Integration and keep the custom “Add error message to verify e-mail” Action in your Post Login Action flow.

Thanks,
Rueben

mbh · September 25, 2023, 6:32pm

Will the code you provided first here, still force the user to verify the e-mail.?

rueben.tiow · September 26, 2023, 3:21pm

Hi @mbh,

Yes, the code I provided in my initial response will force the user to verify their email before logging in.

I recommend giving it a try and letting me know how it goes.

Thanks,
Rueben

system · October 10, 2023, 3:21pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.