Clicking on Change password email link also verifies user's email without using email verification link

ssingh · July 16, 2020, 3:28pm

In our application User flow,
When new user is created.we send 2 emails to newly created Auth0 user

User is created using Management APi’s CreateUserAsync method and verification email is sent to user to verify email address.
Another email to “Change Password” is also sent to user to set new password. using Authentication API’s ChangePasswordAsync method.

Now if user clicks on Change Password email link and successfully updates password. It also verifies user’s email
Even without letting user click on Email Verification link sent in another email.

is it a default behavior or am i missing some parameter in calls?

Thanks

markd · July 17, 2020, 4:04pm

One of the Auth0 folks may correct me but I imagine this is default behaviour. Clicking the link in a change password email is also verifying that the email address on file is functional. I don’t see anything in the docs about this, so it looks like a side effect. It makes sense but it would be helpful if the API docs mentioned it explicitly.

konrad.sopala · July 20, 2020, 11:32am

Yep that’s the default behaviour. Let me ping the team regarding that to bring it to their attention.

Topic		Replies	Views
How can I verify a new users email after password reset Get Help login-experience , reset-password-prompt-new-experience	2	3948	August 9, 2023
How to let users change their email? SAFELY Get Help api , email , verification-email	12	28289	March 12, 2024
Password Reset, Get Help login-experience , reset-password-prompt-new-experience	2	327	March 29, 2024
Passwordless email update & verification best practices Get Help passwordless , verification-email , email-verification	5	4414	March 23, 2020
Change user email Get Help email , verification-email , email-verification	7	24177	November 12, 2021

Clicking on Change password email link also verifies user's email without using email verification link

Related topics