Just trying to get login/logout working on my React app using auth0-spa-js, and I’m experiencing a couple problems:
- If I sign up using Auth0, I do not receive any notification that I will be receiving a verification email.
- Auth0 seems to consider me authenticated/logged in even though I haven’t yet verified my email.
This doesn’t seem “secure by default” to me. Should people be able to access my site’s secure information without at least proving they own the email they signed up with?