Enable email verification
Email verification is turned off by default. It is strongly encouraged to enable it to ensure the authenticity of your users.
CAUTION
This information only applies to scenarios in which you are using SuperTokens Session Access Tokens.
If you are implementing Unified Login you will have to manually check the email_verified claim on the OAuth2 Access Tokens. Please read the separate page that shows you how to verify the token.
What type of UI are you using?
There are two modes of email verification:
REQUIRED: Requires that the user's email is verified before they can access your application's frontend or backend routes (that are protected with a session).OPTIONAL: Adds information about email verification into the session, but leaves it up to you to enforce it on the backend and frontend based on your business logic.
Backend setup
import SuperTokens from "supertokens-node";
import EmailVerification from "supertokens-node/recipe/emailverification";
import Session from "supertokens-node/recipe/session";
SuperTokens.init({
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "...",
},
recipeList: [
EmailVerification.init({
mode: "REQUIRED", // or "OPTIONAL"
}),
Session.init(),
],
});
Frontend setup
Do you use react-router-dom?
SuperTokens will trigger verification emails by redirecting the user to the email verification path when the mode is set to REQUIRED. If you have set the mode to OPTIONAL or are NOT using the SessionAuth wrapper, you will need to manually trigger the verification email. Our guide on protecting API and website routes will go over the changes that need to be made.
Additionally, note that SuperTokens does not send verification emails post user signup. The user needs to be redirected to the email verification path to trigger the sending of the verification email. This is done automatically when using the prebuilt UI and in REQUIRED mode.