I would like to verify the user’s email in the auth callback, after they’ve signed up.
This is valid because we have sent the user a link to sign-up via the email address that we have on file for them in our system.
(and since they have the token in the link, we know that they had to have access to the email we have for them on file in our system, so it makes sense for us to consider it verified, and save the user the hassle)
In order for this plan to work, I will need to either:
suppress the verification email so it isn’t redundantly sent to them
modify the verification email template to be more of a welcome email if they’ve already been verified (but this all depends on the timing of when the email is sent, I can’t find any documentation describing when it is sent relative to the pre/post registration and pre/post login flows)
Therefore my questions are:
Can I suppress the email for sign ups programmatically?
When is the email sent relative to the available actions?
I have looked at using the /verification-email job to send the email programmatically, but it looks like I can’t turn off the automatic send while using that. Customize Email Handling
Thank you so much for taking the time to respond to my question.
You can disable the template, which should prevent the email from being sent.
My concern with disabling the template was that it seemed to prevent the email-verification job from working (which was the way I was hoping to send the email in a custom action).
What do you mean suppress it programmatically?
I basically meant, do I have an API in the auth actions that allows me to suppress it, or is it too late at that point.
Essentially, imagine I’m wanting to move the automatic send into a more explicit form in the actions, one that I can make conditional so that I can suppress it myself.
Is that possible with the default verification template or do I have to involve sendgrid?
Are you asking when is the email sent in the Auth0 Actions Pipeline?
We’re going to explore using our DB scripts to set email_verified to true if our token from the email matches, which could work for our use-case. I’d still be curious and very grateful if you have any thoughts on the above.
I will update here if we manage to find a solution.