Passwordless login emailVerified status

tokenfoliocoo · March 4, 2022, 3:03pm

Hi there,
I’m implementing a custom universal login for my passwordless system. I’m having trouble with the email verified status using the Auth0.js library.
My expectation:
When a new user starts their first authentication process, after the webAuth.passwordlessStart, I expect the response emailVerified to be false, which is what I get. After a successful authentication (after webAuth.passwordlessLogin, I would expect the user’s email to be marked as verified (email_verified: true). User management also shows this accordingly on the dashboard.
However, every authentication after the initial one, webAuth.passwordlessStart keeps returning emailVerified as false.
In conclusion, the emailVerified value in passwordless login seems to be inconsistent to the actual status.
Btw, response_type is set to token all through.

Looking forward to your response. Kind regards!

rueben.tiow · March 5, 2022, 12:34am

Hi @tokenfoliocoo,

Welcome to the Auth0 Community!

I am looking into your observations and will get back to you once I have new updates.

Thank you.

rueben.tiow · March 8, 2022, 8:42pm

Hi @tokenfoliocoo,

After looking into this further, I found that the Email Passwordless login flow will always verify the user’s email address whenever they successfully log in with a valid code. This is consistent with my tests and could not reproduce a scenario where the user has an unverified email.

In this case, could you please capture a HAR file of complete authentication events and DM them to me?

I’d like to trace these logs and see what is happening.

Thank you.