Documentation for Auth0 Require Email Verification action is wrong, copied from other action

lee.omara · June 29, 2023, 11:18pm

Hello,

Parts of the Require Email Verification action installation documentation are incorrect. They appear to be copied from the Password Rotation action.

In particular, Results and Troubleshooting are all about password reset.

e.g.

Results

Once this Action has been deployed. Users with passwords that were set within the window you configured, will login as usual. When users with expired passwords attempt to login, they will be prompted with your error message and be forced to reset their password.

Troubleshooting

Ensure you provide a valid whole number for Password Expiry In Days and remember this will only apply to users that authenticate with Database Connections. Users than authenticate through Social, Enterprise or Passwordless Connections will not be under the scope of this Action.

I’m not sure if the Add the Auth0 Action section is correct. It differs between the two actions, through from my use, it doesn’t align with the Require Email Verification action (the config screen had no options for me).

henrich.kraemer · July 27, 2023, 6:23am

Good Day,
It appears this actions comes from Auth0. It would be great to have access to the source code on GitHub.
Would this be possible?

andy.miller · August 21, 2023, 9:49am

I’ve held back installing this action because of this confusing wording.

Could anyone please confirm:

1: Does the Require Email Verification work?
2: Does it also impose password rotation (as implied by the wording)?

Thanks

idac · August 23, 2023, 10:50am

I also noticed this issue.

Not sure what “community supported” means for library actions. Probably what we’re looking for is the equivalent of:

sam.yapkowitz · October 30, 2023, 3:49pm

@lee.omara @henrich.kraemer @andy.miller @idac

Hey team, just saw this post. I was the author of this Action, so I wanted to reach out to tell you that the documentation in the Troubleshooting section is indeed wrong, so we apologize for that. The Action does work and it does not have anything to do with password rotation (another Action I wrote and submitted to the Marketplace). Here is the source code for it if you wish to learn how it functions and if you wish to build you own extension of this if you need to customize it further say for certain connection types or even segment it out further by organization or maybe a user’s role. We will be fixing the documentation shortly. Thanks

exports.onExecutePostLogin = async (event, api) => {
  const { ERROR_MESSAGE } = event.configuration;
  if (!event.user.email_verified) {
    api.access.deny(ERROR_MESSAGE);
  }
  return;
};