If a new user signs up via Auth0, we require email verification. We let them know that an email has been sent and they need to verify before they can do anything else. That part works fine if you are in the same device/browser. However, there are many users who may use their phone to verify but that never completes the process because it doesn’t work on the phone. If they are on a different machine or browser, it still breaks the ability to save certain info (via cookie or localStorage) such as page they signed up from which we wish to track. What is the best way to handle this from the originating device/browser if the user uses another device (such as phone) to verify the email?
We are using SDK PHP webapp application for auth0 authentication.
Sounds like it might be best to send a OTP rather than the magic link - We do have an item on our roadmap to send a OTP rather than magic link for email verification, this update is currently targeted for end of January 2025. Please note that the timeline may change. I recommend keeping an eye on the Auth0 Changelog.
When I first read your response with a suggestion to use OTP, I was thinking it could be a viable solution. However, before I really read into how it would work, what I had in mind was an input field in OUR application that the user would enter the OTP from the email and we’d use the API to verify it. It doesn’t look to work that way via the Forms and Actions. What we really need is something that will stay in the browser the user signed up in so to keep all the saved data needed for processing after login. Can we have an input field in our application for the user to enter the OTP from the email?