The user sign-up procedure is detailed below: A user fills out email and password in Sign up page. A new user account is created in Auth0 database. A verification email is sent to provided email address. The user clicks the link in the Verification email. The user’s is_email_verified is set to tru…

Sign up page is vulnerable to exploitation by malicious users

dawid.matuszczyk October 11, 2024, 10:42am 3

Welcome to the Auth0 Community!

Unfortunately, due to the Auth0 architecture, it’s not possible to create an account after email verification, but you can deny unverified users access to your application. We have a great Knowledge Solution about that → Best Practice of Enforcing Email Verification

Thanks
Dawid

1 Like

Topic		Replies	Views
Verify Email Address Before Signup Completes Knowledge Articles	1	454	January 11, 2024
How can I send a verification email before signup? Help email-verification , user-management	4	3097	January 5, 2023
Send verification to alternate email address upon signup Help auth0 , signup , login , verification-email	1	1514	September 28, 2022
How can I use Verification Emails with Code instead of links when a user signs up or logs in for the first time? Help	2	1184	September 29, 2022
Verification email bad behavior Help verification-email	0	3204	June 20, 2020

Sign up page is vulnerable to exploitation by malicious users

Related topics