The problem is the following:
Once a user registers they are redirected to a page (/profile), where they can see that the email is not verified.
Let’s say they verify the email but…on the /profile they still see that it’s not verified because the session object is not updating.
A page refresh also does not solve this problem.
So the question is how can I update the user session object, where the email_verified is true?
(I am using JS, and NextJS)
I was investigating this today and came across your question. It doesn’t seem possible to refresh the JWT on the fly after verification without making the user log out and log in again.
But for my case, I went for the solution of a proxy endpoint to the Auth0 Management API because I need the information only in a specific view. Check if email_verified without signing in again. - #2 by jmangelo
Another solution is to force the user to log out and log in again. You could do this from a custom verification screen, the one seen after the user clicks the verification link. Then, the JWT should be refreshed, and so the session object will have email_verified
true
. I’ve occasionally seen websites that do this.
And finally, probably the best solution is a combination of the two. While you can’t update the JWT on the fly, you can update the session, setting email_verified
to true
from the verification screen after checking the email is verified with the Management API. UpdateSession | @auth0/nextjs-auth0
Hope this helps!