https://supertokens.com/ logo
Channels
Powered by
#support-questions
Title
# support-questions
m

Maxi|Shinobi

04/08/2022, 9:47 AM
Is there somewhere a guide on how to implement email verification for plain javascript?
r

rp

04/08/2022, 9:54 AM
there isn't one yet. But you can do it like this: - You want to call the 
{apiBasePath}/user/email/verify
POST API to generate a new email verification token and send the email to the user: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/verifyEmail - Once the user clicks on the link, the UI on that page should extract the token from the URL and call the 
{apiBasePath}/user/email/verify/token
POST API: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/verifyEmailToken. This API will consume the token and mark the user's email as verified. On the frontend, you can check if a user's email is verified using the 
{apiBasePath}/user/email/verify
GET API: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/getVerifyEmail
m

Maxi|Shinobi

04/08/2022, 9:55 AM
Do I have to send the email myself?
r

rp

04/08/2022, 9:57 AM
We send the email for you if you are using our backend SDK
m

Maxi|Shinobi

04/08/2022, 9:57 AM
You mean the hosted one?
At the moment I am self hosting a container
r

rp

04/08/2022, 9:58 AM
Yea that would work too. But are you using our node / golang or python SDK?
m

Maxi|Shinobi

04/08/2022, 9:58 AM
I am using your node sdk
r

rp

04/08/2022, 9:59 AM
Right yea. So when the frontend calls 
{apiBasePath}/user/email/verify
POST, we will send the email automatically
but if you want to send it yourself or change the design of the email, you can do that too.
m

Maxi|Shinobi

04/08/2022, 11:19 AM
Thank you, I will try to make it work 🙂
What is the token required in the /email/verify endpoint?
r

rp

04/08/2022, 11:32 AM
it's a token that gets attached in the email veirifcation link that the user clicks
it's a one time use token that will prove to the backend that the user indeed has access to their email
m

Maxi|Shinobi

04/08/2022, 11:32 AM
do I have to create that myself?
r

rp

04/08/2022, 11:32 AM
nope
m

Maxi|Shinobi

04/08/2022, 11:32 AM
how do I get it then?
r

rp

04/08/2022, 11:33 AM
you will need to read it from the URL that is clicked by the user from their email
m

Maxi|Shinobi

04/08/2022, 11:33 AM
I am referring to this step
r

rp

04/08/2022, 11:33 AM
so that URL would open a page on your website which you need to make and that page can have some loading UI, In that page, you would extract the token from the URL and send it to backend
Ah sorry
I mixed up the order in which you are to call the APIs
you need to first call 
{apiBasePath}/user/email/verify/token
which will send the email to the user
then once the user clicks the link, you need to call 
{apiBasePath}/user/email/verify
POST
m

Maxi|Shinobi

04/08/2022, 11:35 AM
ah okay, wait I will try that
perfect, I now got an email!
what would you do with users that are not verified? And how can I see if someone is not verified yet?
r

rp

04/08/2022, 11:44 AM
On the frontend, you can check if a user's email is verified using the {apiBasePath}/user/email/verify GET API: https://app.swaggerhub.com/apis/supertokens/FDI/1.13.0#/EmailVerification%20Recipe/getVerifyEmail
For not verified users, you can redirect them to the verify email screen
so once they sign up / sign in, check if their email is verified or not. If not, then redirect them to verify email screen
the above is simple implementation, if you want a more secure implementation, you can store if they have verified their email in the access token and then use that to check on the frontend + in the APIs. Then once they have finished verifying their email, you can update the access token to mark it as verified, giving them access to the APIs + the frontend routes.
m

Maxi|Shinobi

04/08/2022, 12:11 PM
thank you!
When I want to verify an email I get always back that I have to send a token, but I am sending one: What I send: { method: 'token', token: '992a9c651e9f9d5965fe47e269e263105aa1283a2a711510249e320719ab2199' } What I receive: { message: 'Please provide the email verification token' }
r

rp

04/08/2022, 12:43 PM
> I tried just sending another post request to .../token, but that did not seem to work That should work
m

Maxi|Shinobi

04/08/2022, 12:43 PM
Yes, it worked
I had it on another page and when reloading SuperTokens wasnt initialized anymore^^
r

rp

04/08/2022, 12:44 PM
not sure what you mean
m

Maxi|Shinobi

04/08/2022, 12:45 PM
Related to that? I was dumb and should have read my logs😅
r

rp

04/08/2022, 12:45 PM
ah ok
m

Maxi|Shinobi

04/08/2022, 12:46 PM
To the other one: 1. I click on the link in the email 2. I get redirected to the site 3. I read out the token and send it to the endpoint { method: 'token', token: '992a9c651e9f9d5965fe47e269e263105aa1283a2a711510249e320719ab2199' } 4. I get the answer from the api that I should provide the token
maybe I forgot to set the headers
yes, that was it
sorry
r

rp

04/08/2022, 1:07 PM
cool!
3 Views
Powered by