Our signup flow sends users to the Universal Signup page, after which they are redirected back to our site where we display a message indicating they need to check their email for a verification link.
At this point, on our site, the auth0-spa-js getUser function reports
The user then checks their email, clicks on the link, and lands back on our site. At this point, on a fresh page load,
getUser still reports
What is the recommended way to get the updated
email_verified state? I’ve tried
ignoreCache but that requires a relogin which results in a poor user experience.
Heya @heyzk , welcome to the community!
ignoreCache option on
getTokenSilently should allow you to force the SDK to fetch new tokens rather than using the cache, and so
getIdTokenClaims called after that has resolved should provide the updated email_verified value.
If users are bring prompted to login in again it may be a cookie issue, such as the browser dropping the cookies as they are considered 3rd party.
If you can set up a Custom Domain so your tenant resides on the same parent domain as your application, then this should stop browsers from dropping the Auth0 session cookies, and allow you to use
ignoreCache enabled without causing the user to be prompted to log in again.
Failing that, you may need to call
loginWithRedirect - this would redirect the user’s browser but the cookies should remain intact this way, thus the user should not be prompted to log in again upon reaching Auth0, and instead be immediately redirected back to your app with new tokens upon the flow’s completion:
Hi sgo, apologies, I clearly stated that I’ve tried using the ignoreCache option and while that did return the correct email_verified state, it was only after the user has logged in again which is not a good experience and overly complicated for what I’m trying to accomplish.
ignoreCache requires prior knowledge on whether or not the user had just signed up, which requires a separate code path to send the user to after a sign up, which requires passing some state through the auth0 login / signup flow. So to do something which should be simple (give me the non-cached user state) I need to touch code across half the app.
This is not a good solution, am I missing something?