Prevent Users From Logging in Until They Verify Their Email Address

Overview

This article explains how to prevent users from being able to log in if they have not verified their email addresses.

Applies To

  • Actions
  • Auth0 Forms

Solution

Preventing users from being able to log in if their email address is not verified can be achieved through a Post Login Action script that verifies if the user’s email address is verified or not.

if (!event.user.email_verified) {
    api.access.deny('Verify your email');
}

The script can be paired with /jobs/verification-email to send the verification email again to the user. Also, a prompt can be created and triggered using Auth0 Forms that informs the user to verify their email address to log in.