janko
commented
1 year ago Yes, this Rodauth behaviour is intentional. For one, this respects best practices about GET requests not modifying resources. But it also enables delaying setting the password until account verification, which wouldn't be possible if there was no form rendered.
To remove that extra step in your application, you can hide the form and write some JavaScript code that will automatically submit the form when the page loads. I wrote a guide for this.
Swalden
When a user clicks the link in their email to verify, they get sent to /verify-account which then has a "verify" button that they have to press.
Is this the expected behaviour? If so is there a way to change it to automatically verify the account on clicking the link in the email?