Email sent although verify_email field is false

ron.p · May 11, 2022, 7:38am

Hi,

We are sending a POST request to create a new user (create user doc.
We are receiving the verification email although the verify_email field is false, both through postman and programmatically.
To give some context - we want to create a user in Auth0 and later verify his email.
Could you please advise?

The request:


/api/v2/users
{
  "connection": "email",
  "email": "someEmail@gmail.com",
  "name": "someone",
  "user_metadata": {},
  "email_verified": **false**,
  "verify_email": **false**,
  "app_metadata": {}
}

Thanks

rueben.tiow · May 11, 2022, 7:55am

Hi @ron.p,

Welcome to the Auth0 Community!

By default, a verification email gets sent to every user with the email_verified property set to false.

Moreover, if you plan to create users and send the verification email at a later time, please see this doc to learn more on customizing the email verification flow.

Please let me know if you have any questions.

Thank you.

ron.p · May 11, 2022, 9:17am

Hi @rueben.tiow
Thanks for the quick reply.
My intention is to create a user with email_verified false and not send the verification email.
According to the API documentation:

“Whether the user will receive a verification email after creation (true) or no email (false). Overrides behavior of email_verified parameter.”

What is the correct way to achieve my intention above?

Thank you

rueben.tiow · May 12, 2022, 6:54pm

Hi @ron.p,

Thank you for your response and clarification.

For this scenario, there is the option to create the user with the verify_email: false property to prevent the verification email from being sent to them.

Alternatively, you could disable the Verification Email template on your Auth0 Dashboard > Branding > Email Templates > Verification Email (using Link). This will prevent any Verification Emails from being sent to a newly created user.

Then, at a future time, you can create an email verification ticket by calling the Management API Create an email verification ticket endpoint and sending it to the user to verify their email addresses.

Hoped this helps!

Thank you.

ron.p · May 15, 2022, 7:55am

Hi @rueben.tiow,
Thanks for the comment.

Regarding your comment above, does that solve also the SMS verification? Is there a dedicated endpoint for that?

Regarding my original question, is email_verify supposed to work and this is a bug?

Thanks

rueben.tiow · May 16, 2022, 9:42pm

Hi @ron.p,

Thank you for your reply.

Unfortunately, there isn’t an endpoint for SMS verification. Moreover, you can only verify users with their email addresses.

After testing, I did not find the same observations as you. Instead, I could create a new user with the email_verify: false property that prevented the email verification from being sent to them.

Please let me know if you have any further questions

Thank you.

ron.p · June 13, 2022, 12:05pm

Hi @rueben.tiow
I tried multiple times and still got the verification email.
The following payloads did not work and I got an email:

{
  "connection": "email",
  "email": "ron.p+test32123@gmail.com",
  "verify_email": false
}

or

{
  "connection": "email",
  "email": "ron.p+test32111@gmail.com",
  "email_verified": false,
  "verify_email": false
}

Can you please advise or share the right payload? Thank you

rueben.tiow · June 13, 2022, 4:32pm

Hi @ron.p,

Thank you for your response and update.

I understand that you are still encountering issues with creating users without sending the verification email.

The correct payload should include the connection, email, password, and verify_email properties in the request. See below:

curl --location --request POST 'https://YOUR_DOMAIN.REGION.auth0.com/api/v2/users' \
--header 'Authorization: Bearer YOUR_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
  "email": "someuser@example.com",
  "connection": "Username-Password-Authentication",
  "password": "secret",
  "verify_email":  false
}'

I have tested this with both verify_email set to true and false and managed to get the expected outcomes, namely sending or not sending the verification email.

Please let me know how this works for you.

Thank you!

ron.p · June 13, 2022, 5:20pm

Hi @rueben.tiow,
I didn’t mention it before but we are creating only users with an email connection and later using the Auth0 passwordless for authentication. So the Username-Password-Authentication connection is not relevant for us.
It means the user does not have a password, and from Auth0 docs it is an optional param: Auth0 Management API v2

I expect that this payload will work too:

{
  "connection": "email",
  "email": "ron.p+test32123@gmail.com",
  "verify_email": false
}

but I still get an email when creating a new user (although the verify_email is false).
Can you please help us to figure out how to achieve this with an email connection?
Thank you!

rueben.tiow · June 15, 2022, 5:58pm

Hi @ron.p,

Thank you for your response and clarification.

After testing further in a Passwordless Email User scenario, I found that the Verification Email is not supported for Passwordless Email users.

When I created a new Passwordless Email User using "verify_email": false, I did not receive any verification emails. Similarly, I did not receive any verification emails when creating a new Passwordless Email user with the "verify_email" property omitted, with the payload below:

{
  "connection": "email",
  "email": "ruebentiow+test@gmail.com"
}

This is consistent with my findings when trying to send a Verification Email using the Management API’s Send an email address verification email endpoint to a Passwordless Email User:

With that, I can confirm that creating Passwordless Email users will not send any verification emails to the users.

I hope this helps!

Please let me know if you are still encountering issues or have further questions.

Thank you.

arnaudf · June 24, 2022, 1:04pm

Hey,
I am facing the exact same issue, did you figure out how to prevent this “sign in email” to be sent at the user creation?
best
Arnaud

rueben.tiow · July 6, 2022, 5:34pm

Hi @arnaudf,

The correct way to prevent sending a verification email to a newly created user is to pass the "verify_email": false property in the request.

Please see my earlier post regarding this. Also, note that this will only work for database users.

Please, let me know if you have any questions.

Thank you.

alessandrof94 · July 12, 2022, 12:14pm

Hi @rueben.tiow, I believe that the mail they are speaking about is not the “verification email”.
I have the same issue, when I create a new user (“connection”: “email”) through API, the new user receive a sign-in email (the same email that a user receive when he tries to login to the application).
Is there a way to prevent the sign-in email to be sent after a user creation through API?

arnaudf · July 12, 2022, 1:19pm

Hi Rueben,

the solution in the earlier post does not work for me and I understand it is the same for ron.p as we don’t use

but we use a passwordless connection and then users are created with:

  "connection": "email",

can we prevent the sign-in email to be sent?

rueben.tiow · July 13, 2022, 5:29pm

Hi @arnaudf,

Thank you for your response and clarification.

First, let me clarify that the Passwordless Email Connection does not support sending verification emails.

I mentioned in this post that during my tests, I confirmed it is not possible to send a verification email to a Passwordless Email User.

The sign-in email, however, cannot be prevented since it contains a link/code sent to the user to proceed with the login.

Does that answer your question?

Thank you.

arnaudf · July 14, 2022, 2:48pm

Hi @rueben.tiow,

thanks for the confirmation. Sadly, it means we won’t go to production with auth0.

rueben.tiow · July 14, 2022, 4:36pm

Hi @arnaudf,

We’re sorry to hear that!

If you have a moment, could you please take a minute to submit a feedback request asking for support to prevent the sign-in email from being sent to a newly created Passwordless user?

Thank you!

alessandrof94 · July 20, 2022, 9:25am

Hi @rueben.tiow,

I noticed that this “sign-in email” is not sent to a newly created Passwordless user, if the user is created using: “email_verified”: true
So, this “sign-in email” should not be prevented also if the user is created using “verify_email”: false?

brandon44 · September 2, 2022, 8:30pm

I can also confirm that the verification email was still being sent when creating a user with { connection: email, verify_email: false }. I have also disabled the verification email template.

For anyone else trying to figure out how to create a user and prevent the email from being sent, my current hack/solution as to set { connection: email, email_verified: true } when creating the user and then immediately updating the user with { email_verified: false } in order to prevent the initial verification email from being sent. I then send a magic link with a separate request.

Topic		Replies	Views
Set email_verified true in a pre-registration action Help emails , management-api	5	2544	April 23, 2023
Your email address could not be verified Help	7	11937	June 16, 2020
Email verification exception upon creating new user Help signup , password	6	5434	January 26, 2022
Passwordless Connection - User Creation using API Sends Verification Email Knowledge Articles	1	1117	May 16, 2023
Sending verification e-mail 'manually' Help verifica , verification-email	2	4617	March 17, 2021

Email sent although verify_email field is false

Related Topics