I have an auth0 application that has a social connection to saleforce setup.
Whenever I use a salesforce account to signup, I get the user correctly configured and its email is set to verified automatically. However, when one of the users signs up, their sign up exists, but it shows email as pending. Why is this happening? I’m using the built in auth0 lock and redirecting to a hosted sign in page.
This is a problem since I need to require that emails are verified since my application requires good, verified emails for its logic.
The information received by Auth0 with regards to email verification status when using social connection depends entirely on the social provider in question so for some situation the social provider may allow the end-user to authenticate even if they have not yet verified their email address. The effect is that Auth0 will also receive and treat the email as unverified.
In the particular case of Salesforce I confess that I don’t know if they force email verification or not; if they don’t then what you’re experiencing is completely expected. You mention that you receive email as unverified only for some users so this also supports the theory that the particular end-user has did not verify that email in Salesforce. On the other hand if you have a test user that you know that has the email verified in Salesforce and still surfaces as unverified at Auth0 then this would require further review.