Email verification not working

I have huge problem related to email verification. After clicking verify link from email im getting positive response that everything was verified. But is_verified property is not changing and user status next to email is ‘pending’

What i’m doing first is changing email address using Management API. Because i have custom database checked( to do some login overrides) i have uploaded change email script:

function changeEmail(oldEmail, newEmail, emailVerified, callback) {
  var changeWasSuccessful = true
  callback(null, changeWasSuccessful)
}

Changing email works as expected(email was changed with status pending/is_verified=false).

Next thing i wanted to achieve was to send verification email for updated email. For that im using Auth0 Management API v2

I Am receiving beautifull email with verify link. After clicking on it new tab is opening with information
“Your email was verified. You can continue using the application.”
Everything look fine but is_verified status is not changing and on panel i have email ‘pending’ status.

I have simple verify script, and my first thought are that something is missing here, but i cannot find any documentation on that. Without this script im getting information that verify script is needed…but with below script there are no errors at any level, status is_verified is just not updating.

function verify (email, callback) {
  callback(null, true);
}

Where are you getting is_verified from? The standard field in an Auth0 user profile for indicating that their email address is verified is called email_verified. E.g.,

"email_verified": true,

That is the field that Auth0 will update when a user clicks the verification link.

3 Likes

yes in whole post i was refering to “email_verified” field which is not updating after clicking verify link in email.

Ok, i have figured it out. I have overridden verify method. I Am changing email_verified field using management API from inside verify function. Example code:

function verify (email, callback) {
  const makeRequest = require('request');

  const getManagementApiToken = async () => {
    return new Promise((resolve, reject) => {
      makeRequest({
        method: 'POST',
        url: `.../oauth/token`,
        headers: { 'content-type': 'application/json' },
        body: JSON.stringify({
          client_id: `...`,
          client_secret: `...`,
          audience: `.../api/v2/`,
          grant_type: 'client_credentials'
        })
      }, (error, response) => {
        if (!error) {
          const token = JSON.parse(response.body).access_token
          resolve(token)
        }
      })
    })
  }

  const getUserByEmail = (token) => {
    return new Promise((resolve, reject) => {
      makeRequest({
        method: 'GET',
        url: `.../api/v2/users-by-email`,
        headers: {
          'content-type': 'application/json',
          authorization: `Bearer ${token}`
        },
        qs: {
          email
        }
      }, (error, response) => {

        if (!error) {
          resolve(JSON.parse(response.body)[0])
        } else {
          reject(error)
        }
      })
    })
  }

  const changeEmailVerified = (userId, token) => {
    return new Promise((resolve, reject) => {
      makeRequest({
        method: 'PATCH',
        url: `.../api/v2/users/${userId}`,
        headers: {
          'content-type': 'application/json',
          authorization: `Bearer ${token}`
        },
        body: JSON.stringify({
          email_verified: true,
          connection: '...'
        })
      }, (error, response) => {
        if (!error) {
          resolve(response)
        } else {
          reject(error)
        }
      })
    })
  }

  const updateIsVerified = async () => {
    const token = await getManagementApiToken()
    const user = await getUserByEmail(token)
    await changeEmailVerified(user.user_id, token)
    callback(null, true)
  }

  updateIsVerified()
}
2 Likes

Great that you’ve been able to go through that and thanks for providing the info for whole community!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.