Email validation + password email validation

gimena · October 2, 2021, 8:56pm

I have two apps in the same tenant and I need a different behaviour for each one. For one of them I configured the password email verification defining (rules + hook) and it’s working fine. The other one requieres to send a validation email, but I cannot get it working.

Is there a way that both configurations coexist? How?

rueben.tiow · October 4, 2021, 9:30pm

Hi @gimena,

Welcome to the Auth0 Community!

I understand that you have some questions regarding configuring Rules with your Applications.

First, could you clarify whether you are using the same Rule for both applications? Or are they two different Rules for each application?

And could you please clarify whether you intend to perform email verification and not email validation?

Thank you.

gimena · October 4, 2021, 9:50pm

Hi @rueben.tiow
thanks for your quick response!

First, could you clarify whether you are using the same Rule for both applications? Or are they two different Rules for each application?

At the moment I have defined one hook to send an email asking to set the password and a rule which set the email as validated when it occurs.

And could you please clarify whether you intend to perform email verification and not email validation?

I’m trying to do an email verification in different ways.

rueben.tiow · October 4, 2021, 11:35pm

Hi @gimena,

Thank you for your response.

Based on what I have gathered, I believe that you are trying to perform email verification in different ways depending on the application in your tenant.

In the context of Rules, you can specify the context.clientID to perform the specific email verification for each application. See our Rules Context Object for more properties.

If I did not answer your question, please help me by answering further clarifying questions.

First, could you please elaborate on what is preventing you from having both configurations working together? Is there any specific errors or limitation stopping you?

Next, could you please clarify what you’d like to do with your second app regarding Rules and Hooks and how you intend to use them?

For now, you may find this documentation on sending verification emails with Rules useful:
https://auth0.com/docs/brand-and-customize/email/manage-email-flow#send-verification-email-with-rules

Looking forward to your response.

Thank you.

gimena · October 5, 2021, 12:38pm

Thanks @rueben.tiow,

Based on what I have gathered, I believe that you are trying to perform email verification in different ways depending on the application in your tenant.

yes that’s exactly what I want.

I’ve tried to add a rule hitting …/api/v2/jobs/verification-email but it requires the Status toggle enabled for the verification email and the email sends twice. Related to this one, the email verification link works, it means the email sets as validated, but shows an error page.

I’ve also seen the one that you mentioned, but I don’t understand the payload:

request.post({
url: ‘https://yourapi.yourcompany.com/mail/verification’,
json: {
user: user,
context: context,
secretToken: configuration.MY_SECRET_TOKEN,
},

How do I get secretToken, where is the place on dashboard to get it?
and then how to get “your api” & “your company”, are they my domain ? like https://TENANT_NAME.us.auth0.com ?

Thank you!

rueben.tiow · October 12, 2021, 3:40am

Hi @gimena,

Thank you for your response.

Yes, that is correct. By default, all newly signed up users will receive an Email Verification email when the **Email Verification ** template is enabled. Creating a rule to send an Email Verification email for unverified users using the Management API will also trigger this event, resulting in double sending emails.

To circumvent double sending emails, I recommend the following for a more frictionless approach:

Disable the Status for Email Verification template
Create a Rule that checks for the clientID of your second application, and then send a verification email using the Management API. Here is a plug & play code snippet using Rules, be sure to add the clientID of your second app:

function (user, context, callback) {
  const ManagementClient = require('auth0@2.9.1').ManagementClient;
  const management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });
  
  if(context.clientID === "YOUR_2ND_APP_CLIENT_ID"){
    var params = {
			user_id: user.user_id
		};
    management.sendEmailVerification(params, function (err) {
      if (err) {
        // Handle error.
      }
    });
  }
  return callback(null, user, context);
}

After doing so, this should allow you to have both applications with their own email verification approaches without interference or double sending emails. Moreover, this rule will only execute for your second app, and send Email Verification emails programmatically whenever a new user signs up.

Please let me know how this works for you.

Thank you.

gimena · October 14, 2021, 3:04pm

Hi @rueben.tiow,

I really appreciate your help. I’ve tested the code you shared, and it works only if I have the Email verification template enabled. I know you said:

Disable the Status for Email Verification template

But doing that, the email is not be sent and if I enable I receive it twice. I’ve been looking at management api documentation and it says:

“Note: You must have the Status toggle enabled for the verification email template for the email to be sent.”

Is there a way to send verification email without having template enabled?

Thanks!