Passwordless Connection - User Creation using API Sends Verification Email

Last Updated: Dec 16, 2024

Overview

This article provides a workaround to prevent verification emails from being sent when creating a passwordless user with the Management API. When a user is created on a passwordless connection with the attribute email_verified=false, a verification email is still sent to the user.

The snippet below sends out a verification email:

const client = new ManagementClient({
  domain: config.auth0.domain,
  clientId: secret.client_id,
  clientSecret: secret.client_secret,
  audience: config.auth0.managementAPIIdentifier,
});

return await client.createUser({
  email,
  email_verified: false,
  verify_email: false,
  connection: config.auth0.userConnection,
});

How can this be prevented?

Applies To

  • Passwordless Connection
  • Verification Email
  • API

Cause

The verify_email parameter passed through to the create user Management API V2 call is only applicable for Database connections. When creating a Passwordless user, that parameter will be ignored, and a verification email will be sent after the creation. This is due to a current limitation in the product.

Solution

A feature request seeks to give the developer more options. This is currently in the Backlog of feature development tasks. To see this functionality in a future release of Auth0, please submit a feature request using this form.

There is a workaround: set the email_verified to true (to prevent the verification email from being sent out) on user creation and reset it to false after user creation.

  1. Create the user via the Management API, as in this example:
    POST /api/v2/users

    { "email": "john.doe@gmail.com",
      "connection": "email",
      "email_verified": true
    }
  2. Then update the user:
    PATCH /api/v2/users/<user_id>

    { "email_verified": false }
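
The two steps above as one function, with the failure case handled: if the PATCH does not succeed, the account would otherwise keep email_verified=true for an address nobody verified. This is an added example, not Auth0's code; the function name, the domain and token parameters, the injectable fetchImpl and the delete-on-failure rollback are assumptions of the example.

```javascript
// Added example, not Auth0's code. `domain`, `token` (a Management API access
// token) and the injectable `fetchImpl` are assumptions of this sketch.
async function createUnverifiedPasswordlessUser({
  domain, token, email, connection = 'email', fetchImpl = globalThis.fetch,
}) {
  const base = `https://${domain}/api/v2/users`;
  const headers = {
    'content-type': 'application/json',
    authorization: `Bearer ${token}`,
  };

  // Step 1: create with email_verified=true so no verification email is sent.
  const created = await fetchImpl(base, {
    method: 'POST',
    headers,
    body: JSON.stringify({ email, connection, email_verified: true }),
  });
  if (!created.ok) throw new Error(`create failed: HTTP ${created.status}`);
  const { user_id: userId } = await created.json();
  const userUrl = `${base}/${encodeURIComponent(userId)}`;

  try {
    // Step 2: reset the flag, then confirm the API reports it as false.
    const patched = await fetchImpl(userUrl, {
      method: 'PATCH',
      headers,
      body: JSON.stringify({ email_verified: false }),
    });
    if (!patched.ok) throw new Error(`reset failed: HTTP ${patched.status}`);
    const user = await patched.json();
    if (user.email_verified !== false) throw new Error('reset not applied');
    return user;
  } catch (err) {
    // Step 2 failed: the account still claims a verified email. Delete it
    // (a design choice of this example) rather than leave it in that state.
    const removed = await fetchImpl(userUrl, { method: 'DELETE', headers })
      .catch(() => ({ ok: false }));
    err.rolledBack = removed.ok;
    throw err;
  }
}
```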