For email-based factors, if `require_verification` is off, framework helpers will delete the PKCE verifier cookie on sign up, but it's still needed by email verification #1094
We need to keep the same PKCE session going when verifying emails. That's fine when you have require_verification set to true, because we show you a "Check your email" message, but if you have it set to false, we log you in and delete the PKCE verifier cookie even though the email verification relies on this exact verifier.
We need to keep the same PKCE session going when verifying emails. That's fine when you have
require_verification
set totrue
, because we show you a "Check your email" message, but if you have it set tofalse
, we log you in and delete the PKCE verifier cookie even though the email verification relies on this exact verifier.