Auth0 Email Verification
The feature described on this page is in Beta.
Auth0 Email Verification is a backend process managed by Auth0 to verify user email addresses. All end-users accessing the Subscription Panel to purchase a new subscription must complete this verification step. This crucial process occurs after the user provides their email address and helps reduce potential carding attempts, enhancing security.
The process works as follows:
New Email Address:
If the end user enters an email address not found in the Auth0 database, Auth0 creates a new user account. The user is then prompted to verify their email address. Once verified, the user is allowed to continue with the subscription purchase.
Existing Email Address:
If the user's email address already exists in the Auth0 database, it can be either a verified or an unverified email address.
Verified Email address: The user can directly proceed with the purchase flow.
Unverified Email address: The user will be prompted to verify their email address before proceeding to the purchase flow.
The Auth0 Email Verification feature ensures that end users cannot proceed with their subscription purchase until their email address is verified. This process enhances security by allowing only verified users to reach the payment step.
If a user accesses the Subscription Panel while logged in via Social Login or logs in using Social Login through the login header, the email verification flow is skipped, as their email is already verified.
The subscription purchase workflow begins as follows:
The end user clicks the 'SUBSCRIBE' button on the Subscription Panel and is navigated to the User Information tab.
On the User Information tab, the user is prompted to enter their first name, last name, and email address based on the fields enabled through CMS. Depending on the email address entered, the Email Verification workflow differs as given below:
If the email address is new (not present in the Auth0 database), the user is asked to create a password and confirm it. Once the passwords are entered, the 'Continue' button is enabled.
Clicking the 'Continue' button creates a new user account, and Auth0 sends a verification email to the user's address. A pending verification message is displayed: "Your Account is created! Please check your email for a verification link to proceed further." Clients can configure this message through CMS at the presentation level.
The user can check their inbox, open the email, and click the verification button to verify their email address.
After verification, the user can return to the Subscription Panel, click the 'Continue' button, and proceed with the subscription purchase.
When the end user receives a verification email from Auth0 at the provided email address, the user needs to click the "VERIFY YOUR ACCOUNT" button to verify their email address.
After verification, the user receives a success message confirming that the email address has been verified by Auth0.
If the end user does not click the 'Verify Your Account' button and verify the email address within the expiry time, the link will expire, and the user will not be verified. The validity period of the verification link is set in the Auth0 dashboard. The default value is 2 minutes.
If the user attempts to verify after the link expires, they will receive the following error message:
Email verification is crucial in the Auth0 email verification workflow. Subscribe provides an option to resend the verification email if the user has not received it due to technical issues or other reasons.
The user can click the resend hyperlink provided, which will trigger the verification email to be sent again to the user's email address. By default, the user is allowed 3 attempts to resend the verification email. After each attempt, a timer is initiated, with a default duration of 30 seconds. The next resend attempt can only be made once the timer expires. However, the number of resend attempts and the timer duration can be configured according to your requirements with the help of corresponding CMS settings.
The Resend verification link in the Subscription Panel is displayed below. This message is configured in CMS. The reattempt and timer message below the resend hyperlink is not configurable.
Emails typically take 30-40 seconds to reach the end user inbox. To prevent multiple clicks, the resend link will be disabled after each click.
When the user clicks the 'Click here' hyperlink, the following actions take place:
The resend link is disabled.
The number of resend attempts remaining for the session is reduced by one.
The countdown of the timer starts.
The timer in the Subscription Panel (SP) is initialized with the duration configured in the CMS. If no duration is configured in the CMS, the timer defaults to 30 seconds and the countdown starts from 30. Once initiated, the timer counts down to 0, and the resend link stays disabled during the countdown.
After the timer ends (becomes 0), the resend link is re-enabled, and the timer message is greyed out.
Subscribe version: 2025.1
Mandatory CMS settings should be configured
Mandatory Auth0 Dashboard settings should be configured
The CMS configuration settings required for Auth0 Email verification are available under the User Information V3 component. (Page V3 > Step V3 > User Information V3). Therefore, your Presentation must include the User Information V3 component.
A new property, EmailVerificationEnable, turns the Auth0 email verification flow ON/OFF. This property is represented as a toggle button, allowing you to easily enable or disable the email verification flow.
When the user's email address is not verified, a pending verification message can be displayed to the user. To enable the display of the message, toggle ON the PendingVerificationMessage Enable CMS button. The verification pending message can be configured in the PendingVerificationMessage Text property.
The resend email feature can be enabled by toggling ON the ResendEmail Show button in the CMS. The additional properties for configuring resend email verification are as follows:
ResendEmail Verification Link: Enter the text to be displayed as the resend verification link.
ResendEmail MaxAttempts: Specify the number of resend attempts allowed.
ResendEmail TimerDuration: Enter the duration of the timer in seconds.
ResendEmail EmailReceiptFailureMessage: Provide the text to be displayed to the user after all reattempt chances have been exhausted.
In the Auth0 Dashboard, configure the following:
Email Provider who can send verification emails to end-users
Email Template in which you can configure the content of the verification mail being sent
User Error Message that can inform the user about any error that might occur during the process.
Enabling your own Email Provider is mandatory for the Email Verification flow. Auth0 provides a list of Email Providers that can be configured as an Email Provider. You may choose to configure any Email Provider from the given list on the Auth0 Dashboard Email Provider page. For example, given below are the steps for enabling ‘Sendgrid’ as the Email Provider.
Login to Auth0 Dashboard.
Go to User Management > Branding > Email Provider.
Toggle ON the key “Use my own email provider”.
Select any Email Provider of your choice from the available options on the page. In the below example, 'Sendgrid' is selected.
Configure the selected Email Provider’s credentials.
Click the Save button to save the settings.
Configuring the Email Template is also as important as configuring the Email Provider. You need to enable the Email Template and then configure the corresponding settings.
Navigate to User Management > Branding > Email Templates.
Toggle the Status button to ‘Template Enabled’.
Configure the following fields on the Email Templates page as per your requirement:
From: Enter the ‘From’ email address.
Subject: Enter the text to be displayed as the ‘Subject’ of the verification mail sent to the end user.
Redirect To: Subscribe currently does not use this field, since no redirection is required during the new start flow.
URL Lifetime: Enter the time period, in seconds, for which the verification link should stay valid. Once the number of seconds specified in this field has passed without any action, the verification link becomes invalid.
Message: Configure the verification mail content in this HTML editor.
Click the Save button at the end of the page to save the settings.
The user error message option is generic to any error that might occur during the email verification process. One such use case is an invalid verification link. If the end user does not verify their email within the time period specified in the URL Lifetime field, the verification link becomes invalid. In that case, the message configured in this field can be displayed to the end user. To customize that message, perform the following:
Go to User Management > Branding > Universal Login > Advanced options.
Select the Custom Text tab. Select ‘email-verification’ in the Prompt drop-down and ‘email-verification-result’ in the Screen drop-down.
Enter the message text in the unknownErrorDescription field.
Click the Save Changes button to save the settings.
Once a user exhausts the permitted number of attempts to resend the verification email, an error message is displayed, informing them that they have exceeded the allowed limit. However, this limit applies only to the current session. If the user refreshes the page, the limit resets to the CMS-configured value or the default setting, providing a new set of retry attempts.
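The resend limit and timer described above, modelled as an added example (not Subscribe or Auth0 code). `ResendThrottle`, its key-value store and the treatment of a page refresh as a change of key are assumptions; keying the counter on the email address instead of the session shows a limit that does not reset on refresh.

```javascript
// Added example; ResendThrottle is a hypothetical name, not a Subscribe or Auth0 API.
const DEFAULT_MAX_ATTEMPTS = 3;    // page default for ResendEmail MaxAttempts
const DEFAULT_TIMER_SECONDS = 30;  // page default for ResendEmail TimerDuration

class ResendThrottle {
  // store maps a key to { used, lockedUntil }; assumed to live on the server.
  constructor({ maxAttempts, timerSeconds } = {}, store = new Map()) {
    this.maxAttempts = maxAttempts ?? DEFAULT_MAX_ATTEMPTS;
    this.timerMs = (timerSeconds ?? DEFAULT_TIMER_SECONDS) * 1000;
    this.store = store;
  }

  // key: a session id (the behaviour the page describes) or a normalized
  // email address (limit survives a refresh). nowMs: current time in ms.
  tryResend(key, nowMs) {
    const state = this.store.get(key) ?? { used: 0, lockedUntil: 0 };
    const remaining = this.maxAttempts - state.used;
    if (remaining <= 0) {
      return { allowed: false, reason: 'attempts_exhausted', remaining: 0 };
    }
    if (nowMs < state.lockedUntil) {
      // Timer still counting down: the resend link stays disabled.
      const waitSeconds = Math.ceil((state.lockedUntil - nowMs) / 1000);
      return { allowed: false, reason: 'timer_running', waitSeconds, remaining };
    }
    state.used += 1;                          // one attempt consumed
    state.lockedUntil = nowMs + this.timerMs; // countdown starts
    this.store.set(key, state);
    return { allowed: true, remaining: remaining - 1 };
  }
}

// Constructed scenario: use every attempt, try once more, then refresh the page.
// A refresh is modelled as a change of key (assumption).
function simulateRefresh(keyBefore, keyAfter) {
  const throttle = new ResendThrottle();
  const allowed = [];
  let now = 0;
  for (let i = 0; i < DEFAULT_MAX_ATTEMPTS; i++) {
    allowed.push(throttle.tryResend(keyBefore, now).allowed);
    now += DEFAULT_TIMER_SECONDS * 1000;      // wait for the timer to reach 0
  }
  allowed.push(throttle.tryResend(keyBefore, now).allowed); // limit reached
  allowed.push(throttle.tryResend(keyAfter, now).allowed);  // after refresh
  return allowed;
}

console.log(simulateRefresh('session-1', 'session-2'));
console.log(simulateRefresh('user@example.test', 'user@example.test'));
```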