FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

Add a feature to check the validity and expiry of verificationId to confirm the email through an API. #2915

Open dany13gd opened 1 week ago

dany13gd commented 1 week ago

Problem

Currently, there is no way to check the validity and expiration of verificationId via an API. The only way to know if it is invalid or expired is via the 404 response by hitting POST /api/user/verify-email/{verificationId}. However, it is important to note that this method consumes the verificationId, meaning you will not be able to use it again for actual email verification. Therefore, this approach is not ideal for all use cases.

Solution

It would be great if FusionAuth could add a feature to check the validity and expiration of verificationId via an API to improve the unverified email workflow.

robotdan commented 1 week ago

Thanks for the request @dany13gd.

If we added an API for this, what type of information are you looking for? Just a 200 to say the verification is still valid, or do you also want to know the remaining TTL on this token for example, or anything else?

We could consider adding support for GET /api/user/verify-email/{verificationId} on the current API to return a 200 and perhaps a TTL or something like that.

Or a new API such as GET /api/user/verify-email/status/{verificationId} to explicitly ask for the status of this verificationId.

dany13gd commented 4 days ago

Thank you @robotdan for the prompt response. Getting a 200 response would be great, but if you could add the TTL to the response it would be even better. This will allow for better management of email verification and for the user to decide whether to look for the email in their inbox or decide to forward an email.

dany13gd commented 4 days ago

But the idea would be to just check that the verificationId is still valid, meaning that if you go and look for your email with the verificationId it can be used.

This seems to be a better option: /api/user/verify-email/status/{verificationId}

dany13gd commented 4 days ago

Or @robotdan you could set that variable in the user info too, example:

{
    "user": {
        "active": true,
        "connectorId": "string",
        "email": "email@email.com",
        "id": "string",
        "insertInstant": number,
        "lastLoginInstant": number,
        "lastUpdateInstant": number,
        "memberships": [],
        "mobilePhone": "(123) 1242135125",
        "passwordChangeRequired": false,
        "passwordLastUpdateInstant": number,
        "preferredLanguages": [
            "en"
        ],
        "uniqueUsername": "email",
        "username": "email",
        "usernameStatus": "ACTIVE",
        "verified": false,
        "verificationId": "ACTIVE" Or "INACTIVE"
    }
}

That way we can know if the verificationId is still valid.
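
The semantics discussed in this thread, as an added sketch that is not part of the issue and not FusionAuth code: a read-only status check next to the consuming verify call. The class and method names, the `ttlSeconds` field, the 200 on success and the single 404 for unknown, used and expired IDs are assumptions made for illustration.

```python
import secrets
import time


class VerificationStore:
    """In-memory model of one-time email verification IDs (hypothetical)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock        # injectable so expiry can be exercised in tests
        self._expires = {}        # verificationId -> expiry timestamp

    def issue(self):
        vid = secrets.token_urlsafe(32)   # unguessable ID, as sent in the email
        self._expires[vid] = self.clock() + self.ttl
        return vid

    def _remaining(self, vid):
        expiry = self._expires.get(vid)
        if expiry is None:
            return None
        left = expiry - self.clock()
        if left <= 0:
            self._expires.pop(vid, None)  # purge expired IDs on access
            return None
        return left

    def status(self, vid):
        """Models GET /api/user/verify-email/status/{verificationId}: read-only."""
        left = self._remaining(vid)
        if left is None:
            return 404, {}    # one answer for unknown, used and expired IDs
        return 200, {"ttlSeconds": int(left)}   # assumed field name

    def verify(self, vid):
        """Models POST /api/user/verify-email/{verificationId}: consumes the ID."""
        if self._remaining(vid) is None:
            return 404
        del self._expires[vid]
        return 200            # assumed success code


def demo():
    now = [0.0]               # constructed clock, advanced by hand
    store = VerificationStore(ttl_seconds=600, clock=lambda: now[0])
    vid = store.issue()
    first = store.status(vid)     # status does not consume the ID
    now[0] += 120
    second = store.status(vid)    # still valid, TTL reduced
    used = store.verify(vid)      # consumes the ID
    return first, second, used, store.status(vid)
```

Returning the same 404 for every non-usable ID keeps the status call from revealing whether an ID was ever issued.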