Clicking on Change password email link also verifies user's email without using email verification link

In our application User flow,
When new user is created.we send 2 emails to newly created Auth0 user

  • User is created using Management APi’s CreateUserAsync method and verification email is sent to user to verify email address.

  • Another email to “Change Password” is also sent to user to set new password. using Authentication API’s ChangePasswordAsync method.

Now if user clicks on Change Password email link and successfully updates password. It also verifies user’s email
Even without letting user click on Email Verification link sent in another email.

is it a default behavior or am i missing some parameter in calls?

Thanks

One of the Auth0 folks may correct me but I imagine this is default behaviour. Clicking the link in a change password email is also verifying that the email address on file is functional. I don’t see anything in the docs about this, so it looks like a side effect. It makes sense but it would be helpful if the API docs mentioned it explicitly.

3 Likes

Yep that’s the default behaviour. Let me ping the team regarding that to bring it to their attention.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.