I created the user using auth0-js, and the user’s email status is pending, but the user does login normally, which is not what I expected.
Usually, a user cannot login unless he has verified his email.
1 Like
Hi @baoyuan,
Thanks for reaching out to the Auth0 Community!
I recommend using a Post-Login Action to prevent your users from logging in.
Please check out our Verifying users in Actions FAQ for details.
May I help you with anything else?
Thanks,
Rueben
I would like to ask if Post-Login Action is the only solution? I have tried this approach but due to some process issues it is not suitable for us
Hi @baoyuan,
Yes. Using Actions is the recommended way to prevent user logins for access control.
Could you please describe the issues you encountered that make Actions unsuitable for your use case? I will try my best to see if I can offer any solutions or workarounds.
Thanks,
Rueben
Thanks @rueben.tiow
I am using Customize Login Page, and I noticed that when the login button is clicked, there is a request similar to /usernamepassword/login, usually a 200 response.
After I add the Post-Login Action refers to User can sign in before email confirmation, after the page has been redirected, auth0 passes a failure message to the API, which will cause the user to see the page jump after login and then see the failed login result, which is problematic in terms of user experience.
I expect the user to see the error message immediately after clicking the login button, i.e., no login until the email is verified.
I hope I have described it clearly.
Hi @baoyuan,
Thank you for your reply.
After my investigation, I noticed that you did not attach the Action to the Login flow and apply those changes.
I can see that your Action is unbounded:
Please make sure you drag the Action to your flow and click the Apply button.
Once this is complete, your Action should behave properly and prevent users from logging in if they have not verified their emails.
May I help you with anything else?
Thanks,
Rueben
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.