This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far, it hasn't been accepted and needs further discussion.
hasAccess function (see this decision) would return
hasAccess: false for a session with an unverified email even in OPTIONAL mode (and always in web-js) currently.
hasAccess: truereturn type of
- Only add validators in REQUIRED mode in the email verification recipe
We should only add validators in REQUIRED mode in the email verification recipes, because:
hasAccess: truewith invalid claims seems a bit weird.
- It would complicate claims further if we allowed them to only optionally disallow access.
As a consequence:
- We should add
modeparam to the email verification recipe in web-js.
- In both SDKs, the OPTIONAL mode should not add the email verification claim to the global claim validators.