We are working on the implementation of a register flow where users need to validate their email using the verification email feature described in Customize Email Handling.
After the email has been verified, we expected the user to have an active session in Auth0 so that they do not need to provide their credentials (email & password) again, making the sign-in process frictionless. However, we experienced that users are prompted with the sign-in form when they visit Auth0 for the second time.
I would like to know if this use case is supported by Auth0, or whether we will need to request email & password login after going through the email verification process.
Hi @manuel.bustillo, if the user signed up in the same browser their original session will still be there, assuming they didn’t log out and the session timeout was not exceeded.
However, if the verification was done on a different browser, the user will not be automatically logged in. They will have to enter the credentials again. This is the expected behavior right now.
We are creating users via API and then sending them a link to verify their email address. They did not go through the sign-up process with Auth0 directly, but I assume they will have an active session in the same browser they used to validate their email address (which is their first interaction with Auth0). Is that correct?
Email verification does not create a session, so if they had not logged in earlier there will be no active session in the browser. If you expect the user to log in right after verification, they should be redirected to the login page.
On the other hand, if they had gone through a regular signup flow, they’d have been logged in automatically after signup - which would leave an active session in the browser.
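The redirect suggested in the answer above can be sketched as follows. This is an added example, not part of any post in this thread and not Auth0's own code. The tenant domain, client ID, application URLs and function names are constructed placeholders; the ticket endpoint and its `user_id`, `result_url` and `ttl_sec` fields are the Auth0 Management API's email-verification ticket, and `/authorize` is the standard login endpoint.

```javascript
// Constructed placeholder configuration (assumption, not from the thread).
const cfg = {
  domain: "tenant.example.auth0.com",
  clientId: "CLIENT_ID_PLACEHOLDER",
  loginRoute: "https://app.example.com/login",   // app route that starts login
  callback: "https://app.example.com/callback",  // registered callback URL
};

// Request for POST /api/v2/tickets/email-verification (Management API).
// result_url is where the browser lands after the verification link is used.
// Pointing it at the app's login route sends the user on to a normal login,
// because the verification link itself does not create a session.
function verificationTicketRequest(userId, cfg) {
  if (!userId) throw new Error("userId is required");
  return {
    method: "POST",
    url: `https://${cfg.domain}/api/v2/tickets/email-verification`,
    body: { user_id: userId, result_url: cfg.loginRoute, ttl_sec: 86400 },
  };
}

// What the app's login route returns as its redirect target: a regular
// authorization code request. If the browser already holds an Auth0 session,
// no form is shown; otherwise the user sees the login page.
// `state` must be a random value the app stored for this browser (CSRF check).
function loginRedirect(cfg, state, emailHint) {
  if (typeof state !== "string" || state.length < 16) {
    throw new Error("state must be a random string of at least 16 characters");
  }
  const url = new URL(`https://${cfg.domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: cfg.clientId,
    redirect_uri: cfg.callback,
    scope: "openid profile email",
    state,
  }).toString();
  // login_hint only pre-fills the form; the user still authenticates.
  if (emailHint) url.searchParams.set("login_hint", emailHint);
  return url.toString();
}
```
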