We are using the new universal login experience, and we would love to be able to include the email verification using OTP or link in your sign-up process. We don’t want to allow non-verified users to log in, but we also don’t want to handle this ourselves.
With how things work today users get an email after they sign up with a link to verify their email address. Users can still log in though, even without a verified email address. I know we could use a rule in auth0 to restrict access for non-verified users, and implement some UI in our app informing the users that they have to verify their email address to continue, but we want this entire process to be handled in the universal login experience.
We want to be able to configure our auth0 tenant to enforce email verification during the sign-up/login process, so we know that when a user is logged in the email has been verified. We want auth0 to take care of all of this, and we want to be able to choose between verifying the email with a link or with a one time code.
Yes, this feature would be great to have soon as possible. It could be like instagram that the user must confirm the email adress by passing a code. After that the user is created and can sign in. The user experience benefits if its solved as a option within the universal login.
This would be awesome, we still need to use the Classic login experience because the user experience is not the same (by far), because there is no easy way the sign up a user with the new flow.
We are currently unable to use the new universal login, because this very basic sign up flow (which is by the way supported by all the big techs) is not yet implemented into Auth0.
Our flow is this: The registered user invites another user to use the platform. He receives an email and clicks on it. It currently says enter the email and then proceeds with passwordless authentication, which is seamless for the end-user.
Now imagine this: The registered user invites another user to use the platform. He receives an email and clicks on it. The page says login or sign up (auth screen). The user clicks on the sign up button, enters email, then a new password. Now, because we disabled login without verified emails, he receives an error that he must verify his email. Ok. He opens his emails, finds the verification mail, and clicks on it. The account is verified, but he must open the original email invitation from the registered user because there was some queryString in the URL, which at this time is lost. He has to log in again.
I think this feature still needs some time to be ready, but my question is can we somehow, with actions/rules still use the new universal login without scaring away users? I read in other articles that it might be possible with pre-registration actions, but I haven’t seen any examples. If this is possible to do anyhow, can you share some examples with us?
Thank you everyone for your feedback and context! We review those feedback cards on a monthly basis and will let you know once we have any updates to share!
This is definitely one of those things where the further down the rabbit hole I go with Auth0, I find things and think “WTH? I decided to pay so I don’t have to do this myself, no I’m having to do this myself”. Really wish I’d never started on the Auth0 journey. This is BASIC STUFF.