Hi @monika.prakash,
Thanks for joining the Community!
By default, users can log in to an app without verifying their email; however, the user’s `email_verified` attribute will be false until they confirm their email address:
```
{
  "user_id": "auth0|507f1f77bcf86cd799439020",
  "email": "john.doe@gmail.com",
  "email_verified": false // <-- this attribute will be false until user verifies email
}
```
In order to require email verification, you can use a post-login Action:
```js
exports.onExecutePostLogin = async (event, api) => {
  // Block the login while the user's email address is still unverified.
  if (!event.user.email_verified) {
    api.access.deny(`Please verify your email before logging in.`);
  }
};
```
Until the user verifies their email, they will be redirected back to your app with an authorization error. The error message is passed as a query string param so that your app can display a user-friendly error:
http://example.com/?error=access_denied&error_description=Please%20verify%20your%20email%20before%20logging%20in.
Here is documentation on how to write an Action for your Auth0 tenant:
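
Added example, not part of the original post: one way an app could read the `error` and `error_description` parameters from the redirect described above and show the message. Anyone can craft a link with these query-string values, so the sketch renders them as text rather than HTML. The function names, the 200-character cap and the `login-error` class are assumptions.

```javascript
// Added example (not from the original post); all names here are hypothetical.
// Reads the authorization error appended to the callback URL and returns
// markup that is safe to place in the page.

// Escape characters that are significant in HTML so the value renders as text.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse the callback URL; returns null when no error parameter is present.
function parseAuthError(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const error = params.get("error");
  if (!error) return null;
  // Query-string values are caller-controlled: cap the length (assumed limit)
  // and treat the text as untrusted from here on.
  const description = (params.get("error_description") || "").slice(0, 200);
  return { error, description };
}

// Build the error banner; an empty string means there is nothing to show.
function renderAuthError(callbackUrl) {
  const authError = parseAuthError(callbackUrl);
  if (!authError) return "";
  const message = authError.description || "Login failed.";
  return `<p class="login-error">${escapeHtml(message)}</p>`;
}

// Constructed sample redirect, modelled on the URL shown in the post.
const sample =
  "http://example.com/?error=access_denied" +
  "&error_description=Please%20verify%20your%20email%20before%20logging%20in.";
console.log(renderAuthError(sample));
```
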