Documentation for Auth0 Require Email Verification action is wrong, copied from other action


Parts of the Require Email Verification action installation documentation are incorrect. They appear to be copied from the Password Rotation action.

In particular, Results and Troubleshooting are all about password reset.



Once this Action has been deployed. Users with passwords that were set within the window you configured, will login as usual. When users with expired passwords attempt to login, they will be prompted with your error message and be forced to reset their password.


Ensure you provide a valid whole number for Password Expiry In Days and remember this will only apply to users that authenticate with Database Connections. Users than authenticate through Social, Enterprise or Passwordless Connections will not be under the scope of this Action.

I’m not sure if the Add the Auth0 Action section is correct. It differs between the two actions, through from my use, it doesn’t align with the Require Email Verification action (the config screen had no options for me).


Good Day,
It appears this actions comes from Auth0. It would be great to have access to the source code on GitHub.
Would this be possible?

I’ve held back installing this action because of this confusing wording.

Could anyone please confirm:

1: Does the Require Email Verification work?
2: Does it also impose password rotation (as implied by the wording)?


I also noticed this issue.

Not sure what “community supported” means for library actions. Probably what we’re looking for is the equivalent of:

@lee.omara @henrich.kraemer @andy.miller @idac

Hey team, just saw this post. I was the author of this Action, so I wanted to reach out to tell you that the documentation in the Troubleshooting section is indeed wrong, so we apologize for that. The Action does work and it does not have anything to do with password rotation (another Action I wrote and submitted to the Marketplace). Here is the source code for it if you wish to learn how it functions and if you wish to build you own extension of this if you need to customize it further say for certain connection types or even segment it out further by organization or maybe a user’s role. We will be fixing the documentation shortly. Thanks

exports.onExecutePostLogin = async (event, api) => {
  const { ERROR_MESSAGE } = event.configuration;
  if (!event.user.email_verified) {