In our application User flow,
When new user is created.we send 2 emails to newly created Auth0 user
User is created using Management APi’s CreateUserAsync method and verification email is sent to user to verify email address.
Another email to “Change Password” is also sent to user to set new password. using Authentication API’s ChangePasswordAsync method.
Now if user clicks on Change Password email link and successfully updates password. It also verifies user’s email Even without letting user click on Email Verification link sent in another email.
is it a default behavior or am i missing some parameter in calls?
One of the Auth0 folks may correct me but I imagine this is default behaviour. Clicking the link in a change password email is also verifying that the email address on file is functional. I don’t see anything in the docs about this, so it looks like a side effect. It makes sense but it would be helpful if the API docs mentioned it explicitly.