Let users change their email address

Hello,

We want to implement the function of changing an email address.
We think that the process of changing an email address would be as below.

1: A user enters the new email address.
2: An email will be sent to the new one.
3: The user will check the email and be verified.
4: The email address will have been changed from the old one to the new one.

Let me confirm two points.
First, would this process of changing email be right? If there is a better process, please tell us.
Second, when sending an email to the new address, we are going to use “passwordless APIs”. Is there a better way to send an email and verify the user other than using “passwordless APIs”?

Hi @canvas.future.paymen,

Thanks for reaching out to the Auth0 Community!

To update the user’s email address, you could use the Management API’s Update a user endpoint.

Then you can use the Management API’s Send an email address verification email endpoint to verify the user’s email address.

If needed, I recommend creating a Post-Login Action that checks if the user’s email address has been verified before logging in.

For example:

exports.onExecutePostLogin = async (event, api) => {
  // Block the login until the user's current email address has been verified.
  if (!event.user.email_verified) {
    api.access.deny(`Access to ${event.client.name} is not allowed until you have verified your email address.`);
  }
};

I hope this helps!

Please let me know if you have any questions.

Thanks,
Rueben

Hi Rueben,

Thanks for your reply and example code!

Then, would the process of changing an email address be as below, right?
1: A user enters the new email address.
2: An email will be sent to the new one. (Use the Management API’s Send an email address verification email endpoint.)
3: The user will check the email and be verified.
4: The email address will have been changed from the old one to the new one. (Use the Management API’s Update a user endpoint.)
5: Check if the user’s email address has been verified before logging in.

Let me check one point.
I checked the documentation of the Management API about “Send an email address verification email”.
However, in this document, the body as a request parameter contains just user_id, so I think an email will be sent to the old address, which is tied to user_id.
What should we do to send an email to the new address which users enter?

Thanks

Hi @canvas.future.paymen,

Thank you for your response.

I understand your approach in the flow you shared, but it is not possible to send an email address verification email until you have changed the email address of the user. If this step is done out of order, the user’s previous email address will receive the email verification instead of the new email address.

The sequence of events in your flow should be as follows:

  1. The user enters the new email address.
  2. Use the Management API’s Update a user endpoint to change the email address from the old one to the new one.
  3. Use the Management API’s Send an email address verification email endpoint to send an email to the new email address for verification.
  4. The user checks the email and completes the verification process.
  5. Before logging in, check if the user’s email address has been verified.

Please make sure to follow this sequence to ensure the proper handling of email address verification.

Let me know if you have any further questions.

Thanks,
Rueben

2 Likes
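
The sequence from the answer above (update the address first, then request the verification email), as an added example that is not part of the original thread or Auth0's own code. It assumes a hypothetical injected `send(method, url, body)` transport that attaches the Management API token; the tenant domain and user ID used with it are constructed values.

```javascript
// Added example: email change in the order given in the answer above.
// `send` is a hypothetical transport (e.g. a fetch wrapper that adds the
// Management API bearer token) resolving to an object with `ok` and `status`.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

async function changeEmail({ domain, userId, newEmail }, send) {
  const email = String(newEmail).trim();
  // Reject obviously malformed input before touching the user record.
  if (!EMAIL_RE.test(email)) {
    throw new Error('invalid email address');
  }
  // User IDs contain "|" (e.g. "auth0|abc"), so encode the path segment.
  const base = `https://${domain}/api/v2`;
  const userUrl = `${base}/users/${encodeURIComponent(userId)}`;

  // Step 2: change the address and mark it unverified, so a Post-Login
  // Action that checks email_verified blocks login until verification.
  // verify_email is false because step 3 sends the email explicitly.
  const update = await send('PATCH', userUrl, {
    email,
    email_verified: false,
    verify_email: false,
  });
  if (!update.ok) {
    // Stop here: sending now would mail the address still on the record.
    throw new Error(`update failed with status ${update.status}`);
  }

  // Step 3: the request body carries only user_id, so the email goes to
  // the address currently stored on the user, which is now the new one.
  const job = await send('POST', `${base}/jobs/verification-email`, {
    user_id: userId,
  });
  if (!job.ok) {
    throw new Error(`verification email failed with status ${job.status}`);
  }
  return { email, verificationRequested: true };
}
```

Because the update is checked before the verification request is made, a rejected update never results in a verification email being sent to the old address.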

Hi @rueben.tiow ,

Thank you for your reply.
Owing to your kind description, I can understand the proper process of changing an email address.
I will implement this function according to your advice.

Finally, I’d like to ask one point about this process.
However, if users enter a wrong email address, their email address would be changed with the Management API (maybe not verified).
Then, when users want to log in after changing the email address, they won’t be able to log in, because they entered a wrong email address.
Is there any way to resolve this case?

Thanks

1 Like

Hi @canvas.future.paymen,

Thanks for following up!

Yes, that is a good point you have made!

In this situation, the user could change their email address again, hopefully, with a valid one, so they can proceed with email verification and log into your application.

Thanks,
Rueben

1 Like

Hi Rueben,

Well noted.
Many thanks!

1 Like
