Verify email with code?

bookdrive.lokd · September 1, 2023, 10:01am

I want when the user’s signup the email_verified : false is returned. But i want the user to recieve a verification OTP on their mail, which they will enter on the auth0 page and then i receives the email_verified = true eveytime when a new user signup. How do I achieve this functionality? I would prefer a detailed process.

suchislife801 · September 1, 2023, 3:44pm

Steps to Implement Email Verification with OTP in Auth0:

1. Auth0 Dashboard Configuration:

Go to Auth0 Dashboard > Rules > Create Rule.
Choose “Email Verification” template.
Modify the rule to send OTP instead of a link.

2. Auth0 Rule Code:

function (user, context, callback) {
  if (user.email_verified) {
    return callback(null, user, context);
  }
  
  // Generate OTP and send via email
  // You can use Auth0's API or third-party services to send OTP
  // Store OTP for later verification
  
  // Redirect user to OTP verification page
  context.redirect = {
    url: "YOUR_OTP_VERIFICATION_PAGE_URL"
  };
  
  return callback(null, user, context);
}

3. OTP Verification Page:

Create a page to input OTP.
Use Auth0.js or Auth0 SDK to verify OTP.

4. Verify OTP:

// Use Auth0 API to verify OTP
// If OTP is valid, set `email_verified` to true

5. Finalize Rule:

After OTP verification, redirect back to the application.
Update email_verified in the user profile.

6. Client-Side:

After successful login, check email_verified in the user’s profile.

7. Server-Side (Optional):

You can also check email_verified server-side for extra security.

8. Done:

Now, email_verified should be true for users who have verified their email via OTP.

This is a high-level overview. Each step can have its own complexities depending on your specific requirements.

cdascal · January 14, 2024, 4:47pm

Hi @ suchislife801
Would you please help with an updated guide ? I believe “rules” are deprecated and no longer available for new tenants. I know it’s a lot to ask, that would save my day

margot · February 27, 2024, 1:14am

Same question as @cdascal - Would appreciate guidance about how to achieve the same via Actions now that rules are being deprecated.

Thoughts @suchislife801 or anyone else?

stephanie.akpakoun · February 27, 2024, 6:21pm

Here is a code example from an Auth0 SA:

github.com

abbaspour/actions-gallery/blob/main/post-login/validate-email/validate-email.js

// noinspection DuplicatedCode

/**
 * Author: Amin Abbaspour
 * Date: 2023-11-22
 * License: MIT (https://github.com/auth0/actions-gallery/blob/main/LICENSE)
 *
 * Generic Action showing how to perform a nested authorisation transaction.
 * With nested transactions can build various functionalities on top of Auth0 UL without any server side or companions apps
 * For example you can use this to validated credentials, change password on next login, etc
 *
 * In this example, we are re-authenticating a social account with credential DB and link them.
 *
 * NOTE: `domain/continue` should be among allowed callback URLs of your client.
 * NOTE: if using NUL, authentication profile should be "Identifier First"
 *
 * @param event https://auth0.com/docs/customize/actions/flows-and-triggers/login-flow/event-object
 * @param api https://auth0.com/docs/customize/actions/flows-and-triggers/login-flow/api-object
 * @returns {Promise<void>}
 *

This file has been truncated. show original

salmanmian54321 · March 9, 2024, 1:18am

Hi @cdascal , Did you find a way to implement verify email with code ? I tried doing so by going in branding → email template → then choosing verification email with code. we also have to enable custom email provider by going in email provider and enabling “use my own email provider” for that.

I tried sending email while testing it from the dashboard in email template section. it worked over there but the same is not working as when signing up user from my app. please let me know if you have figured out a way to implement it.

Thanks