I currently only allow the token to be provided whenever a user has a valid email.
However I would like to change it so that if the email is not yet validated the user could still receive a token but with a very short session.
I currently used actions to deny access to the api, but could I make it so that access is granted but only for x amount of time?
Welcome to the Auth0 Community!
Unfortunately, it’s not possible to use Actions to grant a user access, but only for a certain amount of time.
For now, changing the API Token Lifetime settings is the only way to manipulate the token’s TTL.
In this case, I recommend changing your token’s expiration to be as short-lived as possible.
Then you can proceed with allowing your users to log in for a short period of time.
Let me also add that I would not advise allowing non-validated email address users to log in, as it could weaken your security posture and introduce fraudulent users.
I hope the explanation was clear!
Please let me know if you have any questions.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.