Hi, Auth0 users and admins.
We have the following scenario:
- A web app using auth0-spa-js
- Uses classic universal login
- After a user signup, we have a custom built email verification flow
- when this flow succeeds, we update the user with
The problem is that after the user patch, the web app’s session becomes invalid. This means that after the email verification, if the user refreshes the page, auth0-spa-js silent auth will fail.
Patching Email or Email_verified via the management API will invalidate the Auth0 session
I would like to know if there is any way to build a custom email verification like ours, but without logging out the user.
Requiring the user to login right after signing up and verifying their e-mail is certainly not a good UX.