Channels
#support-questions
Title
# support-questions
p
PitchAsh
05/05/2022, 11:55 AMWith the passwordless recipe what is the recommended flow for updating a users email address including sending an otp / magic link and then finally updating the email address on supertokens with the verified address?
r
rp
05/05/2022, 11:56 AMhey @PitchAsh
- Init the emailverification recipe as well
- In a background job, use the emailverification recipe API to mark all the passwordless users' email as verified.
- When changing a user's email in passwordless recipe, mark that user's email as unverified using the email verification recipe API
- Overrride the passwordless code consume API to mark that user's email as verified. This way, when the user clicks on the magic link / enters the OTP, their email is verified automatically.
Alternatively, you could use the user metadata recipe to store if a user's email is verified or not. Mark it as verified in the code consume API override, and before updating their email, mark is as unverified in the user metadata.
We should probably link email verification recipe to passwordless.. It would be helpful if you can open an issue about this on our supertokens-core repo 🙂
p
PitchAsh
05/05/2022, 6:16 PMThe problem with the flow above is that we don’t want to change the passwordless users email till after the verification is done… usually I add a second “new_email” field on the user record
r
rp
05/05/2022, 6:20 PMAh right. I see. That’s also possible to achieve then, but you will have to add it to your own table. You can add a new email field against that userId in your table. And when they login with that, you can override the consume code API to check if there is a user in your table associated with a new email = the email for the code. If there is, then don’t call the original implementation, and instead just create a new session directly
After session creation, you can update that passwordless user’s email to the new email in supertokens
(And remove the new email mapping from your table)
p
PitchAsh
05/05/2022, 6:29 PMHmm.. hard to visualise how that would work without some examples…. I’ll take a look at the verify email recipie and see if I can figure that out
r
rp
05/05/2022, 6:30 PMLmk if you need me to write some pseudo code for my explanation.
I can probably do it sometime tomorrow
c
CaptainPhoton
06/16/2022, 4:08 PMyes please! But I think the metadata route is right for me since I already put all user data there
r
rp
06/16/2022, 4:10 PMYeaa. Will do it soon. Should be sometime in the coming one or two weeks
c
CaptainPhoton
06/16/2022, 4:11 PMthanks!
I could probably show the email verification component as soon as I notice the user updating their email
something like this? (updateUserMetadata is my own function that validates the input and updates metadata)
r
rp
06/16/2022, 4:22 PMYea! Makes sense!!
c
CaptainPhoton
06/16/2022, 4:25 PMthere's also verifyEmailPOST. Which do you recommend?
will verifying email hit consumeCode AND verifyEmail?
r
rp
06/16/2022, 4:26 PMWell, you should do it there as well.
No. Verifying email will not hit consume code
c
CaptainPhoton
06/16/2022, 4:26 PMokay cool! Will do both
5 Views