I would like to have some aspects of an app available to non verified users but the full experience is unlocked once their email has been verified. I’ve seen a few posts suggesting the webhook extension for management api but does not seem like a particularly ‘responsive’ solution (minimum interval is 5 minutes?).
Does Auth0 expect me to block sign in until their account has been verified? Assuming i’m using universal login, what is meant to happen after logging in, I direct them back to the login page with some sort of message saying ‘verify email before logging in again’. That seems a bit jarring. I’m open to suggestions though of how to approach this flow. Thanks.
In your access token, add a custom field for “email verified”. Then for users who are not verified, your app will check the access token and disable the features they shouldn’t get.
You’ll need a rule to add that to the access token.
You may want a progressive profiling redirect rule, that detects when a user hasn’t verified their email and asks them to.
Since I want the user to be able to explore a limited part of the app when logged in, there isnt a way to notify the app that the user has verified their email because that email verified flag is only retrieved when signing in through auth0. They would need to logout and login through auth0 again to retrieve the updated email verified flag.
There may be a way to do what you want: have the access token include the email verified flag as I suggested. When the user tries to access the premium part of the app, check the flag. If it is not verified, do a silent authentication (requiring no user interaction) to get a new access token, and recheck the flag. If it is still not verified, then inform them they have to verify the email before proceeding.
You are using SSO to get the token again, to see if the flag has changed.
As much as I dislike posting a “me too” message, I know of no other way to advocate for this. Perhaps something exists that did not when this thread was opened 2+ years ago.
As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!