workos / authkit-nextjs

The WorkOS library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js.
MIT License

How to handle email verification? #77

Closed felipap closed 1 month ago

felipap commented 3 months ago

Users with unverified emails are seeing the following when they try to sign up via GitHub:

[Image: Screenshot 2024-08-14 at 11 10 31 AM]

Here is the code for the route in charge. It's simply calling the handleAuth() handler:

// app/workos-callback.ts

import { handleAuth } from '@workos-inc/authkit-nextjs'
export const GET = handleAuth()

At the same time, users also receive an email asking them to verify their email:

[Image: Screenshot 2024-08-14 at 11 12 42 AM]

The error confuses me for a couple reasons. First, the documentation states that users "signing with Magic Auth, OAuth, or SSO are automatically verified". So why do they need to verify their emails when they use GitHub?

Second, there is nowhere for users to input this code. Don't I need a way to tell handleAuth() where to redirect users in case of unverified emails?

I'm aware of the code inside src/app/using-your-own-ui/verify-email/ but I don't know how to connect it to the rest. There is no Verify Email redirect to configure in the dashboard, or argument I can pass to handleAuth.

PaulAsjes commented 3 months ago

Hey there! The docs are slightly wrong: while certain OAuth providers allow us to automatically verify the email address, that's not the case for all of them. Google will often be automatically verified, Apple is automatically verified, but GitHub and Microsoft will not automatically verify. I'll make sure those docs are updated.

What should happen when the email is unverified is AuthKit should show a page where you can paste in the code from the email. Are you saying that you're instead getting back that generic error message?

If that's the case, can you give us detailed reproduction steps?

felipap commented 3 months ago

Hey Paul, thank you for the help!

> What should happen when the email is unverified is AuthKit should show a page where you can paste in the code from the email. Are you saying that you're instead getting back that generic error message?

This is not happening when I use my own UI. Instead, L20 of the middleware code throws "Email ownership must be verified before authentication", causing the user to see that code. I'm not seeing code that handles any of this email verification logic.

PaulAsjes commented 2 months ago

Can you elaborate on what you mean by "when I use my own UI"? Are you using the authkit-nextjs library or building your own auth UI with the workos-node SDK?

It would help if you provided some sample code and reproduction steps for us to investigate this further.

PaulAsjes commented 1 month ago

Closing this due to lack of activity. Feel free to reopen if you're still experiencing this issue.