Auth0 Home Blog Docs

Can password reset also serve to verify a user's email address?



Hey Auth0 community, variations on this question have been asked before, but I don’t see any that are exactly this:

“It would be very convenient if a password reset could also act as an email verification. Can this be accomplished now? (pretty sure not), and if not, can it be added as an Auth0 feature?”

Today a user can sign up (with an email account), not yet verify the email of their new email-based account, then successfully reset their password, still having “email_verified=false” in their profile. Arguably they cannot have reset their password without having (in effect) verified their email address.

In our system we prevent people from ‘logging in’ until they have verified their email, so in our case a user can reset their password, and then 5 seconds later (try to) log in, only to see an error message telling them to please verify their account.