I created a user, and I got the verification email (verification email (using link) template).
Then, before validating the email, I tried to sign up using the email and password, and the user signed in successfully. I think we need to verify the email for sign in?
By default, users can log in to an app without verifying their email; however, the user’s email_verified attribute will be false until they confirm their email address:
{
  "user_id": "auth0|507f1f77bcf86cd799439020",
  "email": "john.doe@gmail.com",
  "email_verified": false // <-- this attribute will be false until the user verifies their email
}
In order to require email verification, you can use a post-login Action:
exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.email_verified) {
    api.access.deny(`Please verify your email before logging in.`);
  }
};
Until the user verifies their email, they will be redirected back to your app with an authorization error. The error message is passed as a query string param so that your app can display a user-friendly error:
I took a look at your tenant’s action, and the code looks correct. However, it looks like at the moment the action is not placed into the post-login flow yet. Have you tested this with the action set?
Alternatively, you can use a rule:
function emailVerified(user, context, callback) {
  if (!user.email_verified) {
    return callback(new UnauthorizedError('Please verify your email before logging in.'));
  } else {
    return callback(null, user, context);
  }
}
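
The Action-based answer above says the deny message comes back to the app as a query string parameter. The following is an added example (not code from this thread or from Auth0) of an app-side callback handler that shows that message without reflecting URL-supplied text into the page, since anyone can craft a link carrying arbitrary text in that parameter. It assumes the error arrives as `error=access_denied` with `error_description` and `state`, in the form of an OAuth 2.0 error response; `parseLoginError`, `escapeHtml`, the `/callback` route and the sample URLs are hypothetical names and constructed values.

```javascript
// Assumption: this string matches the message passed to api.access.deny() in the Action.
const VERIFY_MESSAGE = 'Please verify your email before logging in.';

// Escape text before it is placed in HTML or a log viewer.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Returns null when the callback carries no error, otherwise an object
// describing what the app should display.
function parseLoginError(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const error = params.get('error');
  if (!error) return null;

  // Only treat the response as ours if it matches the state this browser sent.
  const stateOk = params.get('state') === expectedState;
  const description = params.get('error_description') || '';

  // Show the verification prompt only for the exact, known message.
  if (stateOk && error === 'access_denied' && description === VERIFY_MESSAGE) {
    return { kind: 'email_not_verified', html: escapeHtml(VERIFY_MESSAGE) };
  }
  // Anything else gets a fixed generic message; the raw text is escaped and
  // kept for logging only, never rendered as-is.
  return {
    kind: 'login_failed',
    html: 'Login failed. Please try again.',
    logDetail: escapeHtml(description),
  };
}

// Constructed sample callback URLs (host, route and state value are placeholders).
const base = 'https://app.example.com/callback?error=access_denied&state=xyz123';
const denied = base + '&error_description=' + encodeURIComponent(VERIFY_MESSAGE);
const crafted = base + '&error_description=' + encodeURIComponent('<b>injected</b>');

console.log(parseLoginError(denied, 'xyz123'));
console.log(parseLoginError(crafted, 'xyz123'));
```

Blocking login in the Action or rule remains the enforcement point; this handler only controls what the user sees afterwards.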