Force email verification not working as expected

phanideep4blogging · February 21, 2021, 12:19am

hi, I am using the free plan to try out auth0 for my application. I have two users created in my application so far(one through the auth0 dashboard, and one through my application/auth0 universal login/signup page. I also created a rule in dashboard for “Force Email Verification”, but that does not seem to be working, the user I created through the signup is unverified, and I am still able to login to my application using that user-email and password after enabling the rule, is there anything else I am missing?

Thanks.

sidharth.chaudhary · February 21, 2021, 3:28am

Hey @phanideep4blogging , Welcome to the Auth0 Community!

Ideally the rule checks the email_verified property of the user profile and returns error in the callback if the attribute is not verified. For your user what does the Email field show?

phanideep4blogging · February 21, 2021, 3:40am

for my user it shows (pending) under the email field. I have not clicked on the verify link in the email I got, I wanted to check what error I will get, do I need to capture the error on my application side and show it to the user? Because when the user tries to login from the auth universal login page, redirects back to application home. Is that how it usually works.

sidharth.chaudhary · February 21, 2021, 6:32am

Hey @phanideep4blogging ,

yes the error is returned in the callback, Since the error generated in the Rule, its more of an authorization error and is notified to the application in the callback, you will need to handle this error. You can redirect back to the home page with error display or show the user a error page with the error information. Depends on how you want to implement it.