Verified Email flag

How would I set a “verified” email flag in Auth0? I suppose I can just set it as User meta data but how would I actually get Auth0 to respect that flag in the login process?

That is - to deny logins where the “verified” flag is FALSE.

I know that Auth0 provides some email verification but I honestly would rather keep the integration lighter as it has been quite painful thus far.

Thanks!

1 Like

Hi @alex34,

Thanks for reaching out to the Auth0 Community!

I understand you would like to set the email_verified property for your users and deny access if they are unverified.

In this case, I recommend using an Auth0 Post-Login Action to deny a user access if their email address is not verified. For example:

exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.email_verified) {
    api.access.deny(`Access to ${event.client.name} is not allowed.`);
  }
};

Note that the email_verified property is part of the user’s root profile attributes, and there is the option to change this property by calling the Management API Update a user endpoint.

I hope this helps!

Please let me know if there’s anything else I can do to help.

Thank you.

1 Like