We want to implement the function of changing an email address.
We think that the process of changing an email address would be below.
1: A user enter the new email address.
2: An email will be sent to new one.
3: The user will check the email and be verified.
4: The email address will have been changed from old one to new one.
Let me confirm two points.
First, would this process of changing email be right? If there is a better process, please tell us.
Second, when sending an email to new address, we are going to use “passwordless APIs”.Is there a better way to send an email and verify the user other than using “passwordless APIs”?
If needed, I recommend creating a Post-Login Action that checks if the user’s email address has been verified before logging in.
For example:
exports.onExecutePostLogin = async (event, api) => {
if (!event.user.email_verified) {
api.access.deny(`Access to ${event.client.name} is not allowed until you have verified your email address.`);
}
};
Then, would the process of changing an email address be below, right?
1: A user enter the new email address.
2: An email will be sent to new one.( use the Management API’s Send an email address verification email endpoint)
3: The user will check the email and be verified.
4: The email address will have been changed from old one to new one.( use the Management API’s Update a user endpoint.)
5:Check if the user’s email address has been verified before logging in.
Let me check one point.
I checked the documents of management API about “Send an email address verification email”.
However, in this document, the body as a request parameter contains just user_id, so I think an email will be sent to old address which is tied to user_id.
What should we do to send an email to new address which users enter?
I understand your approach in the flow you shared but it is not possible send an email address verification email until you have changed the email address of the user. If this step is done out of order, the user’s previous email address will receive the email verification instead of the new email address.
The sequence of events in your flow should be as follows:
The user enters the new email address.
Use the Management API’s Update a user endpoint to change the email address from the old one to the new one.
Thank you for your reply.
Owing to your kind description, I can understand the proper process of changing an email address.
I will implement this function according to your advice.
Finally, I’d like to ask one point about this process.
However users enter wrong email address, their email address would be changed with management API.(maybe not verified)
Then, when users want to login after changing email address, they won’t be able to login, because users enter wrong email address.
Is there any way to resolve this case?
In this situation, the user could change their email address again, hopefully, with a valid one, so they can proceed with email verification and log into your application.