Email sent although verify_email field is false

Hi,

We are sending a POST request to create a new user (create user doc.
We are receiving the verification email although the verify_email field is false, both through postman and programmatically.
To give some context - we want to create a user in Auth0 and later verify his email.
Could you please advise?

The request:

/api/v2/users
{
  "connection": "email",
  "email": "someEmail@gmail.com",
  "name": "someone",
  "user_metadata": {},
  "email_verified": **false**,
  "verify_email": **false**,
  "app_metadata": {}
}

Thanks

Hi @ron.p,

Welcome to the Auth0 Community!

By default, a verification email gets sent to every user with the email_verified property set to false.

Moreover, if you plan to create users and send the verification email at a later time, please see this doc to learn more on customizing the email verification flow.

Please let me know if you have any questions.

Thank you.

Hi @rueben.tiow
Thanks for the quick reply.
My intention is to create a user with email_verified false and not send the verification email.
According to the API documentation:

“Whether the user will receive a verification email after creation (true) or no email (false). Overrides behavior of email_verified parameter.”

What is the correct way to achieve my intention above?

Thank you

Hi @ron.p,

Thank you for your response and clarification.

For this scenario, there is the option to create the user with the verify_email: false property to prevent the verification email from being sent to them.

Alternatively, you could disable the Verification Email template on your Auth0 Dashboard > Branding > Email Templates > Verification Email (using Link). This will prevent any Verification Emails from being sent to a newly created user.

Then, at a future time, you can create an email verification ticket by calling the Management API Create an email verification ticket endpoint and sending it to the user to verify their email addresses.

Hoped this helps!

Thank you.

Hi @rueben.tiow,
Thanks for the comment.

Regarding your comment above, does that solve also the SMS verification? Is there a dedicated endpoint for that?

Regarding my original question, is email_verify supposed to work and this is a bug?

Thanks

Hi @ron.p,

Thank you for your reply.

Unfortunately, there isn’t an endpoint for SMS verification. Moreover, you can only verify users with their email addresses.

After testing, I did not find the same observations as you. Instead, I could create a new user with the email_verify: false property that prevented the email verification from being sent to them.

Please let me know if you have any further questions

Thank you.

Hi @rueben.tiow
I tried multiple times and still got the verification email.
The following payloads did not work and I got an email:

{
  "connection": "email",
  "email": "ron.p+test32123@gmail.com",
  "verify_email": false
}

or

{
  "connection": "email",
  "email": "ron.p+test32111@gmail.com",
  "email_verified": false,
  "verify_email": false
}

Can you please advise or share the right payload? Thank you

Hi @ron.p,

Thank you for your response and update.

I understand that you are still encountering issues with creating users without sending the verification email.

The correct payload should include the connection, email, password, and verify_email properties in the request. See below:

curl --location --request POST 'https://YOUR_DOMAIN.REGION.auth0.com/api/v2/users' \
--header 'Authorization: Bearer YOUR_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
  "email": "someuser@example.com",
  "connection": "Username-Password-Authentication",
  "password": "secret",
  "verify_email":  false
}'

I have tested this with both verify_email set to true and false and managed to get the expected outcomes, namely sending or not sending the verification email.

Please let me know how this works for you.

Thank you!

Hi @rueben.tiow,
I didn’t mention it before but we are creating only users with an email connection and later using the Auth0 passwordless for authentication. So the Username-Password-Authentication connection is not relevant for us.
It means the user does not have a password, and from Auth0 docs it is an optional param: Auth0 Management API v2

I expect that this payload will work too:

{
  "connection": "email",
  "email": "ron.p+test32123@gmail.com",
  "verify_email": false
}

but I still get an email when creating a new user (although the verify_email is false).
Can you please help us to figure out how to achieve this with an email connection?
Thank you!

Hi @ron.p,

Thank you for your response and clarification.

After testing further in a Passwordless Email User scenario, I found that the Verification Email is not supported for Passwordless Email users.

When I created a new Passwordless Email User using "verify_email": false, I did not receive any verification emails. Similarly, I did not receive any verification emails when creating a new Passwordless Email user with the "verify_email" property omitted, with the payload below:

{
  "connection": "email",
  "email": "ruebentiow+test@gmail.com"
}

This is consistent with my findings when trying to send a Verification Email using the Management API’s Send an email address verification email endpoint to a Passwordless Email User:

image2268×1376 250 KB

With that, I can confirm that creating Passwordless Email users will not send any verification emails to the users.

I hope this helps!

Please let me know if you are still encountering issues or have further questions.

Thank you.

Hey,
I am facing the exact same issue, did you figure out how to prevent this “sign in email” to be sent at the user creation?
best
Arnaud

Hi @arnaudf,

The correct way to prevent sending a verification email to a newly created user is to pass the "verify_email": false property in the request.

Please see my earlier post regarding this. Also, note that this will only work for database users.

Please, let me know if you have any questions.

Thank you.

Hi @rueben.tiow, I believe that the mail they are speaking about is not the “verification email”.
I have the same issue, when I create a new user (“connection”: “email”) through API, the new user receive a sign-in email (the same email that a user receive when he tries to login to the application).
Is there a way to prevent the sign-in email to be sent after a user creation through API?

Hi Rueben,

the solution in the earlier post does not work for me and I understand it is the same for ron.p as we don’t use

but we use a passwordless connection and then users are created with:

  "connection": "email",

can we prevent the sign-in email to be sent?

Hi @arnaudf,

Thank you for your response and clarification.

First, let me clarify that the Passwordless Email Connection does not support sending verification emails.

I mentioned in this post that during my tests, I confirmed it is not possible to send a verification email to a Passwordless Email User.

The sign-in email, however, cannot be prevented since it contains a link/code sent to the user to proceed with the login.

Does that answer your question?

Thank you.

Hi @rueben.tiow,

thanks for the confirmation. Sadly, it means we won’t go to production with auth0.

Hi @arnaudf,

We’re sorry to hear that!

If you have a moment, could you please take a minute to submit a feedback request asking for support to prevent the sign-in email from being sent to a newly created Passwordless user?

Thank you!

Hi @rueben.tiow,

I noticed that this “sign-in email” is not sent to a newly created Passwordless user, if the user is created using: “email_verified”: true
So, this “sign-in email” should not be prevented also if the user is created using “verify_email”: false?

I can also confirm that the verification email was still being sent when creating a user with { connection: email, verify_email: false }. I have also disabled the verification email template.

For anyone else trying to figure out how to create a user and prevent the email from being sent, my current hack/solution as to set { connection: email, email_verified: true } when creating the user and then immediately updating the user with { email_verified: false } in order to prevent the initial verification email from being sent. I then send a magic link with a separate request.