Is it even possible to update the user data within a hook then?
In general, yes, you’d just need to hardcode the Auth0 tenant domain and get the access token dynamically. However, for the given scenario (with the email_verified flag), I’m running into some limitations.
I did some testing myself just now; in the pre-user registration hook, the user isn’t persisted yet, therefore the updateUser would fail, because there’s not user id available yet.
Therefore, the updateUser call only works in a post-user-reg hook. I tested it and it updates the email_verified attribute for the user correctly, however, it seems to come in too late. The email verification mail still get’s send. Which isn’t surprising, because the post-user-reg hook runs asynchronously to the signup flow.
So, right now, unfortunately I don’t have a good solution to avoid the email verification mail delivery conditionally on signup.