User verification with custom db connection

We’re using a custom db connection for our Auth0 user store. We’ve got a pretty basic Verify action script that updates a flag in our database. The script executes just fine, data is updated, everyone is happy. However, the user email is still showing as pending within Auth0. The only way to change Pending to Active is to log out, and then log back in. Is this normal behavior, or is something wrong?

Hi @lighthousen,

Welcome to Auth0 Community!

We are looking into this query and will get back to you soon.


Have you included email_verified: true in the Login function? Here is a sample script.

function login(email, password, callback) {
  // ...
  // Profile returned to Auth0; email_verified is read from here on each login.
  const profile = {
    user_id: 'externaldb|12345',
    email: 'joe.schmo@externaldb.com',
    email_verified: true
  };
  callback(null, profile);
}

If this is already added to your Login function and is not working correctly, could you provide your function?


Thanks for the reply! Sorry for the delayed response, the notification went to spam.

Here is my login script:

function login(email, password, callback) {
  // ...
  callback(null, {
    user_id: user.id.toString(),
    nickname: user.nickname,
    email: user.email,
    // 'A' is the active (verified) state in our database
    email_verified: (user.state === 'A' ? true : false),
    app_metadata: {
      v2_role: user.role
    },
  });
}

email_verified depends on the state flag that comes in from our database. The verification database action script flips the state from pending to active. The login script is working fine when logging in / out.

Just checking if you saw this @lihua.zhang . Thanks!

Hi @lighthousen ,

Thank you for providing your login script. And sorry about the delay.

The database action scripts can be triggered only once when the user attempts to log in. That’s why after the “Verify” scripts are executed, they have to log out and log in again to trigger the “Login” script which updates the email_verified to true.

If I understand correctly, you want to allow only the verified user to login.

In that case, I suggest you use an Auth0 Post-Login Action to accomplish this, instead of updating the flag in the database in the Verify script and checking the flag in the Login script.

This article explains the steps to create such an action.

Here is a snippet of the sample script for this action.

exports.onExecutePostLogin = async (event, api) => {
  // Deny access while the profile's email_verified flag is not set.
  if (!event.user.email_verified) {
    api.access.deny(`Please verify your email address to continue to ${event.client.name}`);
  }
};

Basically, it will deny users access until they have verified their email, and you can guarantee the scripts will set the user’s email_verified: true correctly.

Hope this helps!


Thank you for the help. It does clarify things, but not completely what I’m after. We’re fine with allowing users to be signed in before email confirmation. We simply restrict access based on whether or not they’ve verified.

I would like to not only flip the flag in our own database, but also within Auth0 when the user clicks on the verification link. That way if they are signed in already, they will receive elevated permissions because they’ve verified the email address. Based on your latest reply, maybe that is not possible.

One thing I noticed is that when the link is clicked on, the flag is flipped in our database, but the user is given an error saying the code was invalid. One thing I noticed is the documentation says to provide a JSON object with user details if the first parameter is NULL for the callback. Verify Script Templates. However, none of the examples following that seem to follow that. Maybe that is the issue?
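The Post-Login Action suggested above, extended as an added example (not code from the thread or from Auth0) to cover the case in the follow-up reply where unverified users may sign in with restricted access. The claim name, the `DENY_UNVERIFIED` switch and the `simulate` harness with its constructed users are assumptions made for illustration.

```javascript
// Added example. VERIFIED_CLAIM, DENY_UNVERIFIED and simulate() are
// hypothetical; event.user.email_verified, api.access.deny and
// api.accessToken.setCustomClaim belong to the Auth0 Actions API.
const VERIFIED_CLAIM = 'https://example.com/email_verified'; // assumed namespace
const DENY_UNVERIFIED = false; // true: block login; false: sign in, reduced access

function applyEmailPolicy(event, api, denyUnverified = DENY_UNVERIFIED) {
  // Strict comparison: a missing or non-boolean value counts as unverified.
  const verified = event.user.email_verified === true;
  if (!verified && denyUnverified) {
    api.access.deny(`Please verify your email address to continue to ${event.client.name}`);
    return;
  }
  // The API authorizes on this claim instead of trusting client-side state.
  api.accessToken.setCustomClaim(VERIFIED_CLAIM, verified);
}

// Entry point Auth0 invokes for the Post-Login trigger.
const onExecutePostLogin = async (event, api) => applyEmailPolicy(event, api);
if (typeof module !== 'undefined') module.exports = { onExecutePostLogin };

// Offline harness: a mock `api` that records what the Action did.
function simulate(user, denyUnverified) {
  const result = { denied: null, claims: {} };
  const api = {
    access: { deny: (reason) => { result.denied = reason; } },
    accessToken: { setCustomClaim: (k, v) => { result.claims[k] = v; } },
  };
  applyEmailPolicy({ user, client: { name: 'Example App' } }, api, denyUnverified);
  return result;
}

// Constructed users: one still pending, one verified.
const pendingUser = { email: 'joe.schmo@externaldb.com', email_verified: false };
const activeUser = { email: 'joe.schmo@externaldb.com', email_verified: true };
console.log(simulate(pendingUser, false)); // signed in, claim is false
console.log(simulate(pendingUser, true));  // denied, no claim issued
console.log(simulate(activeUser, true));   // signed in, claim is true
```

The claim is computed when the Action runs, so it carries the email_verified value the Login script returned for that login.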
