How is the password verification enforced on the backend? Currently it is kind of only enabled via the frontend by setting the

emailVerificationFeature

option on the frontend? 🤔

You mean email verification or password verificaion?

email verification sorry

right yea. It needs to be enforced via the session's content - we are working on having that out in the next 1-2 weeks time. In the meantime, you can add that yourself by modifying the session's payload to add if the email is verified or not, and if not, then deny access in the API. If yes, then grant access. You should also override the email verification API then to modify the session payload accordingly. Or you can just wait for 1-2 weeks and we will have a version that does this for you

Okay I see, waiting 2 weeks is fine with me

yea. It has been updated. You can update the backend and frontend SDKs - but do have a look at the changelog, it's a breaking change.

Thanks, I was looking at GitHub releases 🤦

ah fair. Well, it should be there in the release for the backend and frontend SDKs

Is there something like a table that shows which FDI version is supported/satisfied with which supertokens-core version?

One more question when - I call

/recipe/session/verify

on the supertokens-core, it won't check whether the email got verified. It is only done via the

supertokens-node

SDK - correct? I would have to do an additional HTTP call in order to check this?

> It is only done via the supertokens-node SDK - correct? Correct. > I would have to do an additional HTTP call in order to check this? Well, no. The node JS SDK checks the claims in the session and does it based on that