Email verification without inputting email address?

Hi there,

Some context first. We currently have the following signup flow:

  • Custom signup form on the website where the user inputs personal data
  • An asynchronous internal approval process on the admin website
  • API to create the user with the Management API (including some metadata)
  • On success, the admin website starts the passwordless login with verification code
  • The user gets the email, and then inputs its email address and verification code to log in to the website

Question: Is it possible to allow the user to log in without inputting the email address but rather just the verification code?

We would like to remove the extra friction on our current flow because the user not only needs to input the verification code but also its email address which in theory we could infer from the email. In other words, is there a way to pass the email address as part of the link (maybe as a query string parameter) to our website? Is that something Auth0 supports out-of-the-box?

Thanks in advance!

Hey there!

Unfortunately I believe it’s not possible with our stack yet. Can I ask you to create a feedback card for it using our Feedback category here:

Thank you!

Hi Konrad,

Thanks for your response. I understand Auth0 doesn’t support that out-of-the-box.

But in any case, would there be any security risks from implementing that ourselves?

It could be implemented by using a query string parameter, containing the base 64 encoded email address, on the link to our website. Or it could also be implemented by storing the email address on local storage. Can you see any problems with these approaches?