Hello! We are using actions to check if the email is verified after a successful login. When I said successful login, I mean when the DB script login return successfuly the user_profile.
return callback(null, {user_profile});
To force email verification we use an action with this code:
action code:
if (!event.user.email_verified) {
api.access.deny('Please verify your email before logging in.');
}
This causes Auth0 to redirect to callbackUri?error=access_denied&error_description=Please verify your email before logging in..
When this happens, we send a verification email and show the user a screen to continue with the flow, but we see that when going back to the login flow, the user has to enter their username and password again. Is this the expected behavior?
I watched this video https://www.youtube.com/watch?v=VM49mPTLsv0 and I saw that the application receive the state query param.
If I track the requests in the login flow, I see that auth0 clean all cookies before call my callback URL.