How to configure /dbconnections/signup to send OTP for email verification?

I’m trying achieve a setup where users create an account using email/password and then verify their email address using a one-time password. Using a custom UI.

My initial approach was to hit the /dbconnections/signup route passing connection: email. On successful account creation, I would hit /passwordless/start passing connection: email. And then finally authenticate the user with their OTP, which sets the user record’s email_verified property to true.

What I found when trying to set this up is that upon creation of a user via the /signup route, auth0 automatically sends an email verification / authentication link to the email address used.

Is there any way to configure this so that it sends a code instead of a link?

Hello, @pgivens,

This would be considered Email MFA. Email MFA is currently supported only as a backup factor, and we do not support any other implementations.

Let me know if you have any other questions.

1 Like

I don’t want to force MFA for every authentication, I just want to use a code instead of a link for the one-time email verification. Can this be achieved through a rule or something?

Hello, @pgivens,

At the moment we only support email verification via a code, not a link. When users click the link the email would be verified. This is a very good idea, though, and I recommend that you reach out to our Product team directly here, to let them know about this: Auth0: Secure access for everyone. But not just anyone.

Thanks in advance!

Thank you for the replies.

To go at this from a different angle, how might I disable the automatic email that gets sent upon user creation? When I post to the /signup/ route, upon successful user creation, an email gets sent to the user with a magic link and message saying it expires within 3 hours. I don’t have any rules in place to facilitate this, so I assume it’s default behavior. Can that behavior be changed?

Hey @pgivens,

This can be achieved here: https://manage.auth0.com/#/templates

Select the Verification Email template, and turn the Status toggle off. That should deactivate it.

Let me know if this helped!

2 Likes

Just closing the loop on this for posterity’s sake.

What seems obvious to me now but didn’t when I posted this is that the user created by specifying connection: 'email' cannot ever be logged in with a username/password. The endpoint accepts those values but they are disregarded when the connection is set to ‘email.’ So my ideal flow was never going to work. I have resorted to using the new Universal Hosted Login experience.

Thanks for letting us know. Using that as a feedback for one of the teams!