Reseting Password sets Email Verified to True, but Does Not Send a Welcome Email

Knowledge Solutions
1

Problem statement

When a user resets their password, their email is marked as verified (if it wasn’t already). Unlike clicking the verify link from the Email Verification email, this does not trigger the Welcome Email.

If Verification email and Welcome email are both enabled, creating the user through the Management API will trigger the Verification email to be sent. If you also send the user a Password reset email and they don’t open the Verification email before they reset their password, ‘email_verified’ is set to true, but no Welcome email is sent. Now, if the user tries clicking on the verification email, it will give them an error “Email is already verified”. Welcome email is never sent.

We are expecting a Welcome email to be sent to the user after email_verified is set to true under all conditions.

Steps to reproduce

Expected Behaviour:

  1. User Account created via Auth0 Management API , email_verified flag as false
  2. Change Password email triggered to User Email. Until this point email_verified flag is false
  3. User set their password, email_verified flag is changed to true
  4. Welcome email is sent to the user after email_verified is set to true.

Actual Behavior:

  1. User Account created via Auth0 Management API , email_verified flag as false
  2. Change Password email triggered to User Email. Until this point email_verified flag is false
  3. User set their password, email_verified flag is changed to true, but welcome email is not triggered.

Cause

This is the expected behavior. Once a user verifies their email address, they will receive a Welcome Email. If you turn off the Verification Email feature, the Welcome Email will be sent to the user when they sign-up (or log in for the first time).

The intended behaviour is to trigger the welcome email based on a verification ticket, not the email_verified attribute, and a password reset ticket is not considered the same as a verification ticket.

Solution

If you would like to see this functionality in a future release of Auth0, we would encourage you to submit a feature request using this form: