Overview
This article explains how to prevent users from being able to log in if they have not verified their email addresses.
Applies To
- Actions
- Auth0 Forms
Solution
Preventing users from being able to log in if their email address is not verified can be achieved through a Post Login Action script that verifies if the user’s email address is verified or not.
if (!event.user.email_verified) {
api.access.deny('Verify your email');
}
The script can be paired with /jobs/verification-email to send the verification email again to the user. Also, a prompt can be created and triggered using Auth0 Forms that informs the user to verify their email address to log in.