Basically my team has to use our own email due to the fact that we need to include information coming from stripe and our backend (like tracking details for shipping). We encountered issues with the verification email where basically when we call check session after redirecting back it says the user isn’t authenticated and logs out due to the issue called out here:
“setting email_verified via the API is considered a “change of email address” and thus the session is invalidated”
My question is now we changed it to our own email provider SMTP and are using a flag in our backed instead of using the auth0 flag. This still results in the issue when the session refreshes or when the email opens up a new browser window since it still changes the flag to true, so basically anytime it checks it sees the new flag. Here is my check session:
const renewSession = async () => {
auth0Client.checkSession({}, async (err, authResult) => {
console.log("AUTH RESULT", authResult);
if (authResult && authResult.accessToken && authResult.idToken) {
await setSession(authResult);
} else if (err) {
console.log("loggin out inside renew session");
logout();
console.log(err);
alert(
`Could not get a new token (${err.error}: ${err.error_description}).`
);
}
});
setUser(getUser());
setAuthenticated(true);
}
It comes back as undefined and then logs out the user.
MAIN QUESTION- is there a way to turn off the flag all together and only use our backend somewhere in the auth0 settings.