Skip to main content
important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Only add validators in REQUIRED mode in the email verification recipe

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status:
proposed
Deciders:
rishabhpoddar, porcellus
Proposed by:
porcellus
Created:
2022-12-01

Context and Problem Statement#

The new hasAccess function (see this decision) would return hasAccess: false for a session with an unverified email even in OPTIONAL mode (and always in web-js) currently.

Considered Options#

  • Add invalidClaims to the hasAccess: true return type of hasAccess
  • Only add validators in REQUIRED mode in the email verification recipe

Decision Outcome#

We should only add validators in REQUIRED mode in the email verification recipes, because:

  • hasAccess: true with invalid claims seems a bit weird.
  • It would complicate claims further if we allowed them to only optionally disallow access.

As a consequence:

  • We should add mode param to the email verification recipe in web-js.
  • In both SDKs, the OPTIONAL mode should not add the email verification claim to the global claim validators.
Looking for older versions of the documentation?
Which UI do you use?
Custom UI
Pre built UI