How would I set a “verified” email flag in Auth0? I suppose I can just set it as User meta data but how would I actually get Auth0 to respect that flag in the login process?
That is - to deny logins where the “verified” flag is FALSE.
I know that Auth0 provides some email verification but I honestly would rather keep the integration lighter as it has been quite painful thus far.
Thanks!
Hi @alex34,
Thanks for reaching out to the Auth0 Community!
I understand you would like to set the email_verified property for your users and deny access if they are unverified.
In this case, I recommend using an Auth0 Post-Login Action to deny a user access if their email address is not verified. For example:
exports.onExecutePostLogin = async (event, api) => {
if (!event.user.email_verified) {
api.access.deny(`Access to ${event.client.name} is not allowed.`);
}
};
Note that the email_verified property is part of the user’s root profile attributes, and there is the option to change this property by calling the Management API Update a user endpoint.
I hope this helps!
Please let me know if there’s anything else I can do to help.
Thank you.