Force email verification not working as expected

hi, I am using the free plan to try out auth0 for my application. I have two users created in my application so far(one through the auth0 dashboard, and one through my application/auth0 universal login/signup page. I also created a rule in dashboard for “Force Email Verification”, but that does not seem to be working, the user I created through the signup is unverified, and I am still able to login to my application using that user-email and password after enabling the rule, is there anything else I am missing?

Thanks.

Hey @phanideep4blogging , Welcome to the Auth0 Community!

Ideally the rule checks the email_verified property of the user profile and returns error in the callback if the attribute is not verified. For your user what does the Email field show?

Screen Shot 2021-02-21 at 2.24.51 pm1173×568 42.5 KB

for my user it shows (pending) under the email field. I have not clicked on the verify link in the email I got, I wanted to check what error I will get, do I need to capture the error on my application side and show it to the user? Because when the user tries to login from the auth universal login page, redirects back to application home. Is that how it usually works.

Hey @phanideep4blogging ,

yes the error is returned in the callback, Since the error generated in the Rule, its more of an authorization error and is notified to the application in the callback, you will need to handle this error. You can redirect back to the home page with error display or show the user a error page with the error information. Depends on how you want to implement it.

Is there any way we can auto verify some users in auth0 API and some users to verify by magic link?
Mean if say we pass email_verify: force for some emailid and for some email_verify: default. As we don’t want every user to verify its account.