Closed evoskamp closed 1 year ago
Yup. Sign out / Sign In never makes it work, unless the auth0 log in's email is verified first.
Since the log in flow of a new auth0 user logs in, passes to the website, that always will be an unverified user.
Since we can determine it's unverified, we might want to throw up a warning banner, to tell them to check their email, verify the auth0 email, sign out, sign back in.
I wonder if I can detect the unverified state and simply block registration until the email is verified.
Well in the top right in the header where it displays the user's email address it shows as "(unverified)" when not verified, so, I'd say yes.
Registration is self-blocking as it's inactive, possibly because it's set to require a USER role to register?
It's more we need to be able to tell people what to do.
amber/components/LoginButton.tsx#110:
const unverified = user.email_verified ? '' : ' (unverified)'
Where user is Auth0User
Which extends AuthInfo (roles and userid) and UserProfile which comes out of @auth0/nextjs-auth0/client
Yup, from their GitHub it's an optional claim in UserProfile
Shows the banner of unverified. But doesn't automatically regenerate the token with the roles. I'll file that as a separate bug.
I think that is closed based on https://github.com/ggascoigne/amber/pull/21 & https://github.com/ggascoigne/amber/pull/23.
Created a new auth0 user, new user on the site. Register is not active as it doesn't have a USER role.
Verifying the auth0 user, logging out/logging in, works.
Next testing without first verifying the auth0 account.
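The check discussed in this thread, as an added example that is not part of the thread or the amber code base: a gate that treats a missing `email_verified` claim as unverified and separates "not verified yet" from "verified, but the session still lacks the USER role". The `SessionUser` shape, `registrationGate`, the state names and the banner wording are assumptions made for illustration.

```typescript
// Hypothetical session shape: email_verified is an optional claim, and
// roles are assumed to be copied from the token issued at sign-in.
interface SessionUser {
  email?: string
  email_verified?: boolean
  roles?: string[]
}

type GateState = 'signed-out' | 'unverified' | 'missing-role' | 'ready'

interface Gate {
  state: GateState
  canRegister: boolean
  banner: string | null
}

const REQUIRED_ROLE = 'USER'

function registrationGate(user: SessionUser | null | undefined): Gate {
  if (!user) {
    return { state: 'signed-out', canRegister: false, banner: 'Sign in to register.' }
  }
  // Fail closed: an absent claim is handled the same as an explicit false.
  if (user.email_verified !== true) {
    return {
      state: 'unverified',
      canRegister: false,
      banner: 'Check your email, verify your address, then sign out and sign back in.',
    }
  }
  // Verified, but the roles in this session predate verification or were
  // never granted; a fresh sign-in is what picks up new roles.
  if ((user.roles || []).indexOf(REQUIRED_ROLE) < 0) {
    return {
      state: 'missing-role',
      canRegister: false,
      banner: 'Your email is verified. Sign out and sign back in to enable registration.',
    }
  }
  return { state: 'ready', canRegister: true, banner: null }
}
```

A client-side gate like this only drives the banner and button state; the server still has to enforce the role on the registration request itself.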