Why is email_verification still false

frunny · December 15, 2022, 8:45pm

Dear community - I need some help.

When I click the verification link in the email sent to the user to verify their email address - it will not set the email_verified param in the user session to true. Is this correct?

Do I have to do this on my own?

It also does not redirect to my callback or the URL I set in my email template. Instead, I get a long params URL with different values about password reset etc.

Also, is the user logged in after signup with un/pw - or is the user logged out?

I read so much on your document pages, but I can’t find any clue about those basic questions.

Stuck for a week now with this
Thanks for any help!

rueben.tiow · December 15, 2022, 11:22pm

Hi @frunny,

Thanks for reaching out to the Auth0 Community!

I understand that you encountered problems with the verification email.

First, let me clarify that the email_verified property will be set to verified if the user clicks on the link to verify their email address. You will not need to manually update this value.

Additionally, have you made sure you have configured a custom SMTP Email Provider?

If not, I recommend configuring a custom SMTP Email Provider so that you can customize your email templates, which includes configuring the Redirect To URL.

Please let me know how this works for you.

Thanks,
Rueben

frunny · December 16, 2022, 5:35am

Hi,

Thanks for your answer.

Email is setup with Amazon SES/SMTP and works as expected. So all emails are delivered.

I customized my email redirect URL, which will be called fine now.

However, when I read the “session.user.email_verified” on the page that gets called after the user clicks the link - it is still “false”.

I have to log out and log in the user to get the new session update - it seems. Somehow I don’t get the update on the session. Is there anything I have to call to read the new session?

This is my code on the page to get the session.

export const getServerSideProps = withPageAuthRequired({

  async getServerSideProps(ctx) {

    const session = await getSession(ctx.req, ctx.res);		
console.log(session);

    return { 			
			props: { user: session.user } 
		};
  }
});

Thanks!

frunny · December 16, 2022, 2:47pm

I solved it with a redirect to a “silent login” after the callback from the email link - to log the user in again without showing the login prompt. That way I get the session updated and it finally shows email_verified = true. Not sure why this doesn’t work as in explained in your docs.

rueben.tiow · December 16, 2022, 11:20pm

Hi @frunny,

Thank you for your responses.

Yes, that is correct. The session would need to be “refreshed” since the user that was previously (and still) logged in had an "email_verified": false state.

And as you have discovered, you can use Silent Authentication to log the user in again with the updated "email_verified: true state without user interaction.

Thanks for bringing to our attention that our docs is missing this information. I will be sure to document this so it can help others in the future.

If you happen to have any other questions, please reach out again. I would be happy to help.

Thanks,
Rueben

system · December 30, 2022, 11:21pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.