Closed evoskamp closed 1 year ago
evoskamp
commented
1 year ago Yup. Sign out / Sign In never makes it work, unless the auth0 log in's email is verified first.
Since the log in flow of a new auth0 user logs in, passes to the website, that always will be a unverified user.
Since we can determine it's unverified, we might want to throw up a warning banner, to tell them to check their email, verify the auth0 email, sign out, sign back in.
ggascoigne
commented
1 year ago I wonder if I can detect the unverified state and simply block registration until the email is verified.
evoskamp
commented
1 year ago Well in the top right in the header where it displays the user's email address it shows as "(unverified)" when not verified, so, I'd say yes.
Registration is self-blocking as it's inactive, possibly because it's set to require a USER role to register?
It's more we need to be able to tell people what to do.
evoskamp
commented
1 year ago amber/components/LoginButton.tsx#110:
const unverified = user.email_verified ? '' : ' (unverified)'
evoskamp
commented
1 year ago Where user is Auth0User
evoskamp
commented
1 year ago Which extends AuthInfo (roles and userid) and UserProfile which comes out of @auth0/nextjs-auth0/client
evoskamp
commented
1 year ago Yup, from their GitHub it's an optional claim in UserProfile
evoskamp
commented
1 year ago Shows the banner of unverified. But doesn't automatically regenerate the token with the roles. I'll file that as a separate bug.
ggascoigne
commented
1 year ago I think that is closed based on https://github.com/ggascoigne/amber/pull/21 & https://github.com/ggascoigne/amber/pull/23.
Created a new auth0 user, new user on the site. Register is not active as it doesn't have a USER role.
Verifying the auth0 user, logging out/logging in, works.
Next testing without first verifying the auth0 account.