Open kon14 opened 2 months ago
kkopanidis
commented
2 months ago It can be confusing sure, but a rename would be something like "requireVerification" in order to match the current behaviour. isVerified isn't the whole picture since it will continue to hide the fact that if it is false and email would be sent
kon14
commented
2 months ago An email would only ever be sent if glogal cfg's verification is required, with email sends enabled. That is not any singular RPC's specific behavior (if it is, it's most likely a bug).
If isVerified is true, it shouldn't initiate any verification flows no matter what, as it's assumed to be verified by somebody else.,
If it's not, it should stay in-line with the rest of the APIs, sending emails or not, depending on project/module cfgs.
Checklist
Suggestion
The
Authentication.UserCreateRPC accepts aUserCreateRequestmessage type, which includes aboolfield namedverify. The current behavior of this field is highly misleading in regards to how user creation and verification are handled.At a glance, the field's name clearly suggests that setting it to true would immediately verify the user. However, in practice, setting verify to true does not result in verification, but instead implies that the user must be verified later.
In contrast, setting it to false doesn't merely not enforce initiating the verification process, but actually verifies the user on the spot:
This behavior is not intuitive and can easily lead to mistakes in user management logic.
To improve clarity and align the behavior with user expectations, I'd consider introducing the following breaking changes during the next major version bump:
isVerifiedorverifyUser(so as to prevent implicitly breaking existing consumers)grpc-sdk