User email verification


#1

Hi,

As per one my requirements, I need to register new users and have they email verified before enables the sign in feature. The application flow should be the following:

  1. The user provides the username/email and password and clicks in the registration button.
  2. The system should register it with non-verified email status and send a verification email.
  3. The user should click on the link and has the email verified.
  4. The user must be redirected to the application homepage.

Currently, I am able to create the user by the following API:

https://myapplication.com/api/v1/users?activate=false

Then I call the following API to active it and send the email verification link:

https://myapplication.com/api/v1/users/{{userId}}/lifecycle/activate

After that, the user receives the verification email and also its status has changed from Staged to Active

The problem that I am facing is that even if the user does not click on the verification link, it is possible to execute the sign in using the following API call:

https://myapplication.com/api/v1/authn

Is there a way to disable the user sign in until it verifies the email?

Can someone please guide me on the right path or letting me know what I am doing wrong here.

Thanks in advance.
Pradeep