With the passwordless recipe what is the recommend...
# support-questions-legacyp
pitchash
05/05/2022, 11:55 AMWith the passwordless recipe what is the recommended flow for updating a users email address including sending an otp / magic link and then finally updating the email address on supertokens with the verified address?
r
rp_st
05/05/2022, 11:56 AMhey @pitchash
rp_st
05/05/2022, 12:00 PM- Init the emailverification recipe as well
- In a background job, use the emailverification recipe API to mark all the passwordless users' email as verified.
- When changing a user's email in passwordless recipe, mark that user's email as unverified using the email verification recipe API
- Overrride the passwordless code consume API to mark that user's email as verified. This way, when the user clicks on the magic link / enters the OTP, their email is verified automatically.
rp_st
05/05/2022, 12:29 PMAlternatively, you could use the user metadata recipe to store if a user's email is verified or not. Mark it as verified in the code consume API override, and before updating their email, mark is as unverified in the user metadata.
rp_st
05/05/2022, 12:29 PMWe should probably link email verification recipe to passwordless.. It would be helpful if you can open an issue about this on our supertokens-core repo 🙂
p
pitchash
05/05/2022, 6:16 PMThe problem with the flow above is that we don’t want to change the passwordless users email till after the verification is done… usually I add a second “new_email” field on the user record
r
rp_st
05/05/2022, 6:20 PMAh right. I see. That’s also possible to achieve then, but you will have to add it to your own table. You can add a new email field against that userId in your table. And when they login with that, you can override the consume code API to check if there is a user in your table associated with a new email = the email for the code. If there is, then don’t call the original implementation, and instead just create a new session directly
rp_st
05/05/2022, 6:20 PMAfter session creation, you can update that passwordless user’s email to the new email in supertokens
rp_st
05/05/2022, 6:21 PM(And remove the new email mapping from your table)
p
pitchash
05/05/2022, 6:29 PMHmm.. hard to visualise how that would work without some examples…. I’ll take a look at the verify email recipie and see if I can figure that out
r
rp_st
05/05/2022, 6:30 PMLmk if you need me to write some pseudo code for my explanation.
rp_st
05/05/2022, 6:30 PMI can probably do it sometime tomorrow
c
CaptainPhoton
06/16/2022, 4:08 PMyes please! But I think the metadata route is right for me since I already put all user data there
r
rp_st
06/16/2022, 4:10 PMYeaa. Will do it soon. Should be sometime in the coming one or two weeks
c
CaptainPhoton
06/16/2022, 4:11 PMthanks!
CaptainPhoton
06/16/2022, 4:11 PMI could probably show the email verification component as soon as I notice the user updating their email
CaptainPhoton
06/16/2022, 4:19 PMsomething like this? (updateUserMetadata is my own function that validates the input and updates metadata)
r
rp_st
06/16/2022, 4:22 PMYea! Makes sense!!
c
CaptainPhoton
06/16/2022, 4:25 PMthere's also verifyEmailPOST. Which do you recommend?
CaptainPhoton
06/16/2022, 4:26 PMwill verifying email hit consumeCode AND verifyEmail?
r
rp_st
06/16/2022, 4:26 PMWell, you should do it there as well.
rp_st
06/16/2022, 4:26 PMNo. Verifying email will not hit consume code
c
CaptainPhoton
06/16/2022, 4:26 PMokay cool! Will do both
11 Views