Hello, we have implemented a passwordless auth flow where we then add user emails — couldn't help but notice that some but not all emails are showing as verified on the auth dashboard immediately after the email is added. Ideally no emails are verified until the users manually verify them. Using the Flow 1 implementation here: https://supertokens.com/docs/passwordless/common-customizations/change-email#flow-1-update-email-without-verifying-the-new-email

hey @johnnyrwest this happens if the user had already verified the "new" email before. So if the user initialiiy logged in with email e1, then you changed it to e2, it should show unverified for e2. If you then again change it to e1, it will show it's verified again for e1. Are you observing a diff behaviour?

Hey @rp_st , I appreciate the response. We are observing different behavior in that this was a new SuperTokens user altogether. According to our logs, the verification email never sent and the Is Email Verified property defaulted to

Yes

. If it helps, we are using the Python SDK on version 16.3, passwordless recipe with email verification as

OPTIONAL

per the above guide in combo with this one: https://supertokens.com/docs/passwordless/common-customizations/email-verification/about#backend-setup

So the user signed up and their email was verified? That’s expected.

Just double checking, but is that to be expected even when we implement the passwordless auth using SMS? I think we would expect that to verify the user's phone number but not the email address. In this specific case, the user signed up using an OTP via SMS. One step later in our onboarding flow we updated their profile to include the email address (using

from supertokens_python.recipe.passwordless.syncio import update_user

and passing in

update_user(user_id, email=new_email)

), the email was automatically marked as verified. We aren't seeing this behavior with most other users which is why it stood out to us as unusual.

ohh hmm. Thats interesting. We will have to investigate this. Could you please open an issue about this on our core repo? We will check it out and get back

Definitely, I can open up an issue. All users are using SMS signup and then an email is being added to them. The majority of users go from Is Email Verified:

N/A

(no email on the user account) to

false

, when we add the email to their user account to

true

when the user finally verifies their email whereas this one specifically just went straight to

true

once the email was added (again, not verified, no email sent)

hmm. Really strange. Are you using our managed or self hosted solution?

We have been using managed this whole time

gotcha. Could you please DM be your registered email ID and also the end user's email form whom this is happening? We can try and see from our end if something is wrong

Thank you, DM sent!