Hi, Auth0 users and admins.
We have the following scenario:
- A web app using auth0-spa-js
- Uses classic universal login
- After a user signup, we have a custom-built email verification flow
- When this flow succeeds, we update the user with `email_verified: true`
The problem is that after the user patch, the web app’s session becomes invalid. This means that after the email verification, if the user refreshes the page, auth0-spa-js silent auth will fail.
I found this response by @marcus.baker, which says:

> Patching Email or Email_verified via the management API will invalidate the Auth0 session

I would like to know if there is any way to build a custom email verification like ours, but without logging out the user.
Requiring the user to log in right after signing up and verifying their e-mail is certainly not a good UX.