
Get user_id from "Force email verification" rule

rules
authentication

#1

I enabled the default “Force email verification” rule. It looks like this.

function (user, context, callback) {
  if (!user.email_verified) {
    return callback(new UnauthorizedError('Please verify your email before logging in.'), user);
  } else {
    return callback(null, user, context);
  }
}

After the user registers or tries to sign in before they’ve verified their email, they’ll be denied access.

I’m using the Angular SPA app and I have an angularAuth0 service that receives this error. The code looks like this:

angularAuth0.parseHash(function(err, authResult) {
  if (err) {
    if (err.errorDescription === 'Please verify your email before logging in.') {
      // do something
    }
  }
});

Currently, I redirect them to a page explaining they need to verify their email. On that page, I want to allow them to initiate resending the verification email.

I’ve written and tested the code to send the verification email. The only thing is, I need the user_id of the person who tried to sign in.

How do I get that?


#2

Sorry for the delay. Depending on the application, you might be able to avoid this entirely.

If “validated” email is not a hard requirement, the simplest way to provide a graceful UX / UI would be to use the profile’s email_verified field (provided when email / email_verified is requested in scope) to check if the user’s email was verified.

If the user’s email was not verified, you can then use this information to limit the user’s access in the access token and on the client show a button which fires a request to your server.

The advantage of this approach is that when the user ultimately does verify the email, your application will be updated in context without having the user perform re-login and provide their credentials again.

Alternatively, the only solution would be to add the user’s id in the UnauthorizedError’s response and then parse it on the client.
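
An added example, not part of either post: a sketch of the first approach, where the server limits access based on `email_verified` and the resend button's request takes the user_id from the token's `sub` claim instead of from client input. It assumes the claims were already signature-checked by the server's JWT middleware; the scope names, cooldown value and `sendVerificationEmail` are hypothetical.

```javascript
// Added example: server-side handling of "resend verification email".
// `claims` are the ID-token claims AFTER your JWT middleware has verified the
// signature, issuer, audience and expiry (assumed; not shown here).
const RESEND_COOLDOWN_MS = 60 * 1000; // assumed policy: one email per minute

// Scopes to grant for this session; unverified users get a reduced set.
// Scope names are hypothetical.
function scopesFor(claims) {
  return claims.email_verified === true
    ? ['read:profile', 'write:data']
    : ['read:profile'];
}

// lastSent: Map of user_id -> timestamp (ms) of the last email sent.
// sendVerificationEmail: your existing, tested sender (hypothetical name).
function resendVerification(claims, lastSent, sendVerificationEmail, now = Date.now()) {
  // The user_id is the token's `sub` claim, never a value from the request
  // body, so a caller can only trigger mail for the account they logged in as.
  const userId = claims.sub;
  if (typeof userId !== 'string' || userId.length === 0) {
    return { status: 401, reason: 'missing_subject' };
  }
  if (claims.email_verified === true) {
    return { status: 409, reason: 'already_verified' };
  }
  const previous = lastSent.get(userId);
  if (previous !== undefined && now - previous < RESEND_COOLDOWN_MS) {
    return { status: 429, reason: 'cooldown' };
  }
  lastSent.set(userId, now);
  sendVerificationEmail(userId);
  return { status: 202, reason: 'sent' };
}

// Constructed sample claims, for illustration only.
const sampleClaims = { sub: 'auth0|example-user', email_verified: false };
```
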