User can sign in before email confirmation

Hi

I created a user, and I got the verification email (the verification email (using link) template).
Then, before validating the email, I tried to sign up using the email and password, and the user signed in successfully. I think we need to verify the email for sign-in?

I set my email provider like this.

Hi @monika.prakash,

Thanks for joining the Community!

By default, users can log in to an app without verifying their email; however, the user’s email_verified attribute will be false until they confirm their email address:

{
    "user_id": "auth0|507f1f77bcf86cd799439020",
    "email": "john.doe@gmail.com",
    "email_verified": false // <-- this attribute will be false until user verifies email
}

In order to require email verification, you can use a post-login Action:

exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.email_verified) {
    api.access.deny(`Please verify your email before logging in.`);
  }
};

Until the user verifies their email, they will be redirected back to your app with an authorization error. The error message is passed as a query string param so that your app can display a user-friendly error:

http://example.com/?error=access_denied&error_description=Please%20verify%20your%20email%20before%20logging%20in.

Here is documentation on how to write an Action for your Auth0 tenant:

2 Likes
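
The app-side handling of the redirect described in the answer above, as an added example that is not part of the original thread or Auth0's own code. It treats `error_description` as untrusted input, because anyone can craft a link to the app with arbitrary text in that parameter; `parseAuthError`, `KNOWN_MESSAGES`, `MAX_LEN` and the sample URLs are hypothetical names and constructed values.

```javascript
// Added example: parse the authorization-error redirect produced when the
// post-login Action calls api.access.deny(). All names here are hypothetical.

const MAX_LEN = 200; // assumed cap on how much unrecognized text is shown

// Messages this app's own Action is known to send, mapped to UI text.
const KNOWN_MESSAGES = new Map([
  ['Please verify your email before logging in.',
   'Check your inbox and confirm your email address, then sign in again.'],
]);

// Returns null when the callback URL carries no error, otherwise
// { code, message, recognized }, where message is a plain-text string.
function parseAuthError(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const code = params.get('error');
  if (!code) return null;

  // searchParams percent-decodes the value; it is still untrusted input.
  const raw = params.get('error_description') || '';
  if (code === 'access_denied' && KNOWN_MESSAGES.has(raw)) {
    return { code, message: KNOWN_MESSAGES.get(raw), recognized: true };
  }

  // Unrecognized text: drop control characters and cap the length.
  const cleaned = raw.replace(/[\u0000-\u001f\u007f]/g, '').slice(0, MAX_LEN);
  return { code, message: cleaned || 'Sign-in failed.', recognized: false };
}

// In the browser, render the result as text, never as markup:
//   const err = parseAuthError(window.location.href);
//   if (err) document.querySelector('#login-error').textContent = err.message;

// Constructed sample callback URLs.
const SAMPLE_DENIED =
  'http://example.com/?error=access_denied' +
  '&error_description=Please%20verify%20your%20email%20before%20logging%20in.';
const SAMPLE_CRAFTED =
  'http://example.com/?error=access_denied' +
  '&error_description=%3Cb%3Ehello%3C%2Fb%3E';
```
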

Hi @stephanie.chamblee

I tried this, but the user is still able to log in. No authentication error was created.

Hi @monika.prakash,

I took a look at your tenant’s action, and the code looks correct. However, it looks like at the moment the action is not placed into the post-login flow yet. Have you tested this with the action set?

Alternatively, you can use a rule:

function emailVerified(user, context, callback) {
  if (!user.email_verified) {
    return callback(new UnauthorizedError('Please verify your email before logging in.'));
  } else {
    return callback(null, user, context);
  }
}

2 Likes

Hi @stephanie.chamblee

Thank you :slight_smile:
It's working

1 Like
