User can sign in before email confirmation

Hi @monika.prakash,

Thanks for joining the Community!

By default, users can log in to an app without verifying their email; however, the user’s email_verified attribute will be false until they confirm their email address:

{
    "user_id": "auth0|507f1f77bcf86cd799439020",
    "email": "john.doe@gmail.com",
    "email_verified": false // <-- this attribute will be false until the user verifies their email
}

In order to require email verification, you can use a post-login Action:

exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.email_verified) {
    api.access.deny(`Please verify your email before logging in.`);
  }
};

Until the user verifies their email, they will be redirected back to your app with an authorization error. The error message is passed as a query string param so that your app can display a user-friendly error:

http://exaample.com/?error=access_denied&error_description=Please%20verify%20your%20email%20before%20logging%20in.

Here is documentation on how to write an Action for your Auth0 tenant:

2 Likes
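On the application side, the `error` and `error_description` values arrive in a query string that anyone can craft into a link, so the callback handler should map them to fixed, app-owned messages instead of rendering them verbatim. The following is an added example, not part of the original reply or Auth0's code; `classifyCallback`, `sanitizeForLog`, `MESSAGES` and the sample URLs in the comments are assumptions made for illustration.

```javascript
// Added example: classify the error redirect produced by the post-login Action.
// Function and constant names are hypothetical, not Auth0 APIs.

// Must match the string passed to api.access.deny() in the Action.
const VERIFY_EMAIL_DESCRIPTION = "Please verify your email before logging in.";

// Fixed texts owned by the app. Query-string values are never displayed
// as-is, because a crafted link can carry arbitrary error_description text.
const MESSAGES = {
  verifyEmail: "Please verify your email address, then sign in again.",
  denied: "Sign-in was denied. Contact support if this persists.",
  generic: "Sign-in failed. Please try again.",
};

function classifyCallback(callbackUrl) {
  const params = new URL(callbackUrl).searchParams; // percent-decoding is done here
  const error = params.get("error");
  if (error === null) {
    return { ok: true, kind: null, message: null };
  }
  const description = params.get("error_description") ?? "";
  if (error === "access_denied" && description === VERIFY_EMAIL_DESCRIPTION) {
    return { ok: false, kind: "verifyEmail", message: MESSAGES.verifyEmail };
  }
  if (error === "access_denied") {
    return { ok: false, kind: "denied", message: MESSAGES.denied };
  }
  return { ok: false, kind: "generic", message: MESSAGES.generic };
}

// Keep the raw description for diagnostics only: strip control characters
// (log-line injection) and cap the length before writing it to a log.
function sanitizeForLog(value, maxLen = 200) {
  return value.replace(/[\x00-\x1f\x7f]/g, "?").slice(0, maxLen);
}
```

Because the match is an exact string comparison, changing the text in `api.access.deny()` requires updating `VERIFY_EMAIL_DESCRIPTION` as well; otherwise the handler falls back to the generic denial message.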