Problem statement
This article provides a workaround to prevent sending verification emails when creating a passwordless user using the Management API.
The below snippet sends out a verification email:
const client = new ManagementClient({
domain: config.auth0.domain,
clientId: secret.client_id,
clientSecret: secret.client_secret,
audience: config.auth0.managementAPIIdentifier,
});
return await client.createUser({
email,
email_verified: false,
verify_email: false,
connection: config.auth0.userConnection,
})
How can this be prevented?
Symptoms
For a newly created Passwordless connection, a user with the attribute email_verified=False, a verification email is still sent to the user.
Cause
The verify_email parameter passed through to the create user Management API V2 call is only applicable for Database connections. When creating a Passwordless user, that parameter will be ignored, and a verification email will be sent after the creation.
Solution
A feature request seeks to give the developer more options. This is currently in the Backlog of feature development tasks. To see this functionality in a future release of Auth0, please submit a feature request using this form.
There is a workaround: set the email_verified to true (to prevent the verification email from being sent out) on user creation and reset it to false after user creation.
- Creating a user via the Manage API, as in this example:
POST /api/v2/users
{ "email": "john.doe@gmail.com",
"connection": "email",
"email_verified": true
}
- Then update the user:
PATCH /api/v2/users/<user_id>
PATCH /api/v2/users/<user_id>
{ "email_verified": false }