Unable to Create Verification Email Ticket for Federated User?

I was experimenting with a SAML federated user in the mgmt API today and discovered that I’m unable to create a verification email ticket for that connection type. I AM able to create a ticket for a database connection type using the same settings (verified that the mgmt API account has permission to create tickets).

Request (redacted):

POST https://{domain}/api/v2/tickets/email-verification
Authorization: Bearer xxxx
Content-Type: application/json

{
	"result_url": "http://localhost:4200/callback",
	"user_id": "samlp|{connection}|{email}"
}

Response:

{
    "statusCode": 400,
    "error": "Bad Request",
    "message": "The user's main connection does not support this operation",
    "errorCode": "operation_not_supported"
}

I wasn’t able to hunt down much by way of documentation - the management API only indicates that it may return the response: “400 The user’s main connection does not support this operation”. No mention of which connection types are supported.

I understand why changing the password might be an invalid operation for a federated account, though I don’t quite understand why we wouldn’t be permitted to independently validate the user’s email address in Auth0. Am I missing a critical configuration somewhere? Or is it prohibited to create ANY ticket for a federated user?

Any suggestions on how we might validate a federated user’s email independently in Auth0?

4 Likes

This is a great question. We are in the process of setting up a SAML connection to a partner and it is not yet clear to us whether the partner users will get an email address verification email. Someone here might have a definitive answer but if I find anything out in my own testing I’ll post the results.

1 Like

3 years later I’m experiencing the exact same issue.

Any progress on this in the last 3 years? Thanks.