Enable email verification
important
Email verification is turned off by default. It is strongly encouraged to enable it to ensure the authenticity of your users.
CAUTION
This information only applies to scenarios in which you are using SuperTokens Session Access Tokens.
If you are implementing Unified Login you will have to manually check the email_verified claim on the OAuth2 Access Tokens. Please read the separate page that shows you how to verify the token.
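The claim check mentioned in the caution above, as an added example that is not SuperTokens code: it verifies the token's signature and expiry first, then requires email_verified to be the boolean true. It assumes an RS256-signed JWT access token, uses a locally generated key pair and constructed tokens, and its function names are hypothetical; in a real deployment the public key comes from the token issuer, as covered on the separate token verification page.

```javascript
// Added example, not SuperTokens code. Assumes an RS256-signed JWT access token.
const nodeCrypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Constructed issuer: signs with a throwaway key so the example runs offline.
function signSampleToken(claims, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(nodeCrypto.sign("sha256", Buffer.from(input), privateKey))}`;
}

// Returns { ok: true, claims } only for a validly signed, unexpired token whose
// email_verified claim is the boolean true; otherwise { ok: false, reason }.
function requireVerifiedEmail(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = fromB64url(parts[0]);
    claims = fromB64url(parts[1]);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm rather than trusting the token's own header.
  if (header?.alg !== "RS256") return { ok: false, reason: "bad_alg" };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!nodeCrypto.verify("sha256", signed, publicKey, Buffer.from(parts[2], "base64url"))) {
    return { ok: false, reason: "bad_signature" };
  }
  if (typeof claims?.exp !== "number" || claims.exp <= nowSec) return { ok: false, reason: "expired" };
  // Strict check: a missing claim, false, or the string "true" must all fail.
  if (claims.email_verified !== true) return { ok: false, reason: "email_not_verified" };
  return { ok: true, claims };
}

// Constructed sample tokens.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const exp = Math.floor(Date.now() / 1000) + 300;
const verified = signSampleToken({ sub: "user-1", exp, email_verified: true }, privateKey);
const unverified = signSampleToken({ sub: "user-2", exp, email_verified: false }, privateKey);
const noClaim = signSampleToken({ sub: "user-3", exp }, privateKey);

for (const [name, tok] of Object.entries({ verified, unverified, noClaim })) {
  console.log(name, requireVerifiedEmail(tok, publicKey));
}
```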
There are two modes of email verification:
- REQUIRED: Requires that the user's email is verified before they can access your application's frontend or backend routes (that are protected with a session).
- OPTIONAL: Adds information about email verification into the session, but leaves it up to you to enforce it on the backend and frontend based on your business logic.
Backend setup
- NodeJS
- GoLang
- Python
- Other Frameworks
NodeJS:
import SuperTokens from "supertokens-node";
import EmailVerification from "supertokens-node/recipe/emailverification";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "...",
    },
    recipeList: [
        // "REQUIRED" blocks session-protected routes until the email is verified;
        // "OPTIONAL" only adds the verification status to the session.
        EmailVerification.init({
            mode: "REQUIRED", // or "OPTIONAL"
        }),
        Session.init(),
    ],
});
GoLang:
package main

import (
	"github.com/supertokens/supertokens-golang/recipe/emailverification"
	"github.com/supertokens/supertokens-golang/recipe/emailverification/evmodels"
	"github.com/supertokens/supertokens-golang/recipe/session"
	"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
	"github.com/supertokens/supertokens-golang/supertokens"
)

func main() {
	supertokens.Init(supertokens.TypeInput{
		RecipeList: []supertokens.Recipe{
			// Email verification recipe, followed by the session recipe.
			emailverification.Init(evmodels.TypeInput{
				Mode: evmodels.ModeRequired, // or evmodels.ModeOptional
			}),
			session.Init(&sessmodels.TypeInput{}),
		},
	})
}
Python:
from supertokens_python import init, InputAppInfo
from supertokens_python.recipe import session
from supertokens_python.recipe import emailverification

init(
    app_info=InputAppInfo(
        api_domain="...", app_name="...", website_domain="..."),
    framework='...',
    recipe_list=[
        emailverification.init(mode='REQUIRED'),  # or 'OPTIONAL'
        session.init()
    ]
)
Frontend setup
- ReactJS
- Angular
- Vue
You will have to make changes to the auth route config, as well as to the supertokens-web-js SDK config at the root of your application:
This change is in your auth route config.

// this goes in the auth route config of your frontend app (once the pre built UI script has been loaded)
(window as any).supertokensUIInit("supertokensui", {
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "...",
    },
    recipeList: [
        (window as any).supertokensUIEmailVerification.init({
            mode: "REQUIRED", // or "OPTIONAL"
        }),
    ],
});
This change goes in the supertokens-web-js SDK config at the root of your application:

import SuperTokens from "supertokens-web-js";
import EmailVerification from "supertokens-web-js/recipe/emailverification";
import Session from "supertokens-web-js/recipe/session";

SuperTokens.init({
    appInfo: {
        apiDomain: "...",
        appName: "...",
    },
    recipeList: [
        EmailVerification.init(),
        Session.init(),
    ],
});
important
SuperTokens will trigger verification emails by redirecting the user to the email verification path when the mode is set to REQUIRED. If you have set the mode to OPTIONAL or are NOT using the SessionAuth wrapper, you will need to manually trigger the verification email. Our guide on protecting API and website routes will go over the changes that need to be made.
Additionally, note that SuperTokens does not send verification emails post user signup. The user needs to be redirected to the email verification path to trigger the sending of the verification email. This is done automatically when using the prebuilt UI and in REQUIRED mode.