Verify_email: false for Passwordless still sending verification email

Problem statement

I’m using the ManagementClient in the Auth0 NodeJS library to create users and would like to have their email_verified set to false without sending a verification email.

The docs (Auth0 Management API v2 ) indicate that the verify_email field can be used to override the default behaviour, but regardless of the value I set, the verification email is still sent.

The only field that influences this is the email_verified field, and I need this to be set to false in order for the rest of our internal application flow to work as expected.

Is there something else that can affect this behaviour?

The below snippet is sending a verification email:

const client = new ManagementClient({
domain: config.auth0.domain,
clientId: secret.client_id,
clientSecret: secret.client_secret,
audience: config.auth0.managementAPIIdentifier,
});

return await client.createUser({
email,
email_verified: false,
verify_email: false,
connection: config.auth0.userConnection,
})

Is there a workaround to this?

Symptoms

For a newly created Passwordless connection, a user with the attribute email_verified=False, a verification email is still sent to the user.

Cause

This is by design for new Passwordless users.

Solution

A feature request exists which seeks to give more options to the Developer. This is currently in the Backlog of feature development tasks.

The only workaround at the moment is to create the user in a 2-step process.

  1. Creating a user via the Management API, as in this example:
POST /api/v2/users

{ "email": "[john.doe@gmail.com](mailto:john.doe@gmail.com)", "connection": "email", "email_verified": true }
  1. Then update the user:

PATCH /api/v2/users/<user_id>

{ "email_verified": false }