I am building a SPA + Rest API and integrating it with Auth0.
My SPA needs to know whether and when a user verifies their email. When a user just registers and logs in, their email is not verified, therefore
email_verified: false. While still on the page, a user might click the
verify link on any device.
id_token does not get updated, therefore, the SPA doesn’t know that a user has verified the application.
/userinfo endpoint would provide
email_verified: true, but there is no way of knowing when to check the
/userinfo endpoint and constant polling seems to be the only option.
Am I missing something, or oidc + auth0 doesn’t deal nicely with such scenarios? It seems to be such a basic feature, but solution far from straightforward.