As per one my requirements, I need to register new users and have they email verified before enables the sign in feature. The application flow should be the following:
- The user provides the username/email and password and clicks in the registration button.
- The system should register it with non-verified email status and send a verification email.
- The user should click on the link and has the email verified.
- The user must be redirected to the application homepage.
Currently, I am able to create the user by the following API:
Then I call the following API to active it and send the email verification link:
After that, the user receives the verification email and also its status has changed from Staged to Active
The problem that I am facing is that even if the user does not click on the verification link, it is possible to execute the sign in using the following API call:
Is there a way to disable the user sign in until it verifies the email?
Can someone please guide me on the right path or letting me know what I am doing wrong here.
Thanks in advance.