Oh wow… I think I’ve finally figured out that it is in fact possible to do this entirely within Auth0. However, it’s non-trivial: you have to make heavy use of the low-code login flow customisations.
You will need:
- A custom Form that defines the screen to show the user when their address is unverified, and a button to allow resending the verification.
- A custom Flow to call the Auth0 API to resend the verification email when the user requests it. This piece also requires that you are set up to do M2M calls to your auth0 management API.
- A custom action in the Post-Login trigger graph to show the form at the end of the login sequence as long as the email address is unverified.
Why this is not baked into Auth0’s built-in components is a mystery to me. Again, I wonder if I’ve missed a way to do this more easily.
1. Custom form:
2. Custom Flow:
3. Custom Action:
const form_id = '<YOUR FORM ID>';
/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
if (!event.user.email_verified) {
api.prompt.render(form_id);
}
}
/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onContinuePostLogin = async (event, api) => {
// Re-present the form to the user on completion of the form as long as email is still unverified.
if (!event.user.email_verified) {
api.prompt.render(form_id);
}
}
