Is there somewhere a guide on how to implement email verific SuperTokens.com #support-questions-legacy

Join Discord

Is there somewhere a guide on how to implement ema...

# support-questions-legacy

Maxi|Shinobi

04/08/2022, 9:47 AM

Is there somewhere a guide on how to implement email verification for plain javascript?

rp_st

04/08/2022, 9:54 AM

there isn't one yet. But you can do it like this: - You want to call the

{apiBasePath}/user/email/verify

POST API to generate a new email verification token and send the email to the user: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/verifyEmail - Once the user clicks on the link, the UI on that page should extract the token from the URL and call the

{apiBasePath}/user/email/verify/token

POST API: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/verifyEmailToken. This API will consume the token and mark the user's email as verified. On the frontend, you can check if a user's email is verified using the

{apiBasePath}/user/email/verify

GET API: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/getVerifyEmail

Maxi|Shinobi

04/08/2022, 9:55 AM

Do I have to send the email myself?

rp_st

04/08/2022, 9:57 AM

We send the email for you if you are using our backend SDK

Maxi|Shinobi

04/08/2022, 9:57 AM

You mean the hosted one?

Maxi|Shinobi

04/08/2022, 9:57 AM

At the moment I am self hosting a container

rp_st

04/08/2022, 9:58 AM

Yea that would work too. But are you using our node / golang or python SDK?

Maxi|Shinobi

04/08/2022, 9:58 AM

I am using your node sdk

rp_st

04/08/2022, 9:59 AM

Right yea. So when the frontend calls

{apiBasePath}/user/email/verify

POST, we will send the email automatically

rp_st

04/08/2022, 9:59 AM

but if you want to send it yourself or change the design of the email, you can do that too.

Maxi|Shinobi

04/08/2022, 11:19 AM

Thank you, I will try to make it work 🙂

Maxi|Shinobi

04/08/2022, 11:24 AM

What is the token required in the /email/verify endpoint?

rp_st

04/08/2022, 11:32 AM

it's a token that gets attached in the email veirifcation link that the user clicks

rp_st

04/08/2022, 11:32 AM

it's a one time use token that will prove to the backend that the user indeed has access to their email

Maxi|Shinobi

04/08/2022, 11:32 AM

do I have to create that myself?

rp_st

04/08/2022, 11:32 AM

nope

Maxi|Shinobi

04/08/2022, 11:32 AM

how do I get it then?

rp_st

04/08/2022, 11:33 AM

you will need to read it from the URL that is clicked by the user from their email

Maxi|Shinobi

04/08/2022, 11:33 AM

I am referring to this step

rp_st

04/08/2022, 11:33 AM

so that URL would open a page on your website which you need to make and that page can have some loading UI, In that page, you would extract the token from the URL and send it to backend

rp_st

04/08/2022, 11:34 AM

Ah sorry

rp_st

04/08/2022, 11:34 AM

I mixed up the order in which you are to call the APIs

rp_st

04/08/2022, 11:35 AM

you need to first call

{apiBasePath}/user/email/verify/token

which will send the email to the user

rp_st

04/08/2022, 11:35 AM

then once the user clicks the link, you need to call

{apiBasePath}/user/email/verify

POST

Maxi|Shinobi

04/08/2022, 11:35 AM

ah okay, wait I will try that

Maxi|Shinobi

04/08/2022, 11:39 AM

perfect, I now got an email!

Maxi|Shinobi

04/08/2022, 11:42 AM

what would you do with users that are not verified? And how can I see if someone is not verified yet?

rp_st

04/08/2022, 11:44 AM

On the frontend, you can check if a user's email is verified using the {apiBasePath}/user/email/verify GET API: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/getVerifyEmail

rp_st

04/08/2022, 11:44 AM

For not verified users, you can redirect them to the verify email screen

rp_st

04/08/2022, 11:44 AM

so once they sign up / sign in, check if their email is verified or not. If not, then redirect them to verify email screen

rp_st

04/08/2022, 11:46 AM

the above is simple implementation, if you want a more secure implementation, you can store if they have verified their email in the access token and then use that to check on the frontend + in the APIs. Then once they have finished verifying their email, you can update the access token to mark it as verified, giving them access to the APIs + the frontend routes.

Maxi|Shinobi

04/08/2022, 12:11 PM

thank you!

Maxi|Shinobi

04/08/2022, 12:40 PM

When I want to verify an email I get always back that I have to send a token, but I am sending one: What I send: { method: 'token', token: '992a9c651e9f9d5965fe47e269e263105aa1283a2a711510249e320719ab2199' } What I receive: { message: 'Please provide the email verification token' }

rp_st

04/08/2022, 12:43 PM

> I tried just sending another post request to .../token, but that did not seem to work That should work

Maxi|Shinobi

04/08/2022, 12:43 PM

Yes, it worked

Maxi|Shinobi

04/08/2022, 12:44 PM

I had it on another page and when reloading SuperTokens wasnt initialized anymore^^

rp_st

04/08/2022, 12:44 PM

not sure what you mean

Maxi|Shinobi

04/08/2022, 12:45 PM

Related to that? I was dumb and should have read my logs😅

rp_st

04/08/2022, 12:45 PM

ah ok

Maxi|Shinobi

04/08/2022, 12:46 PM

To the other one: 1. I click on the link in the email 2. I get redirected to the site 3. I read out the token and send it to the endpoint { method: 'token', token: '992a9c651e9f9d5965fe47e269e263105aa1283a2a711510249e320719ab2199' } 4. I get the answer from the api that I should provide the token

Maxi|Shinobi

04/08/2022, 12:47 PM

maybe I forgot to set the headers

Maxi|Shinobi

04/08/2022, 12:47 PM

yes, that was it

Maxi|Shinobi

04/08/2022, 12:48 PM

sorry

rp_st

04/08/2022, 1:07 PM

cool!

4 Views

Previous Next