Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a feature to check the validity and expiry of verificationId to confirm the email through an API. #2915

Open
dany13gd opened this issue Nov 8, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@dany13gd
Copy link

dany13gd commented Nov 8, 2024

Problem

Currently, there is no way to check the validity and expiration of verificationId via an API. The only way to know if it is invalid or expired is via the 404 response by hitting POST /api/user/verify-email/{verificationId}. However, it is important to note that this method consumes the verificationId, meaning you will not be able to use it again for actual email verification. Therefore, this approach is not ideal for all use cases.

Solution

It would be great if FusionAuth could add a feature to check the validity and expiration of verificationId via an API to improve the unverified email workflow.

@robotdan
Copy link
Member

robotdan commented Nov 8, 2024

Thanks for the request @dany13gd.

If we added an API for this -what type of information you are you looking for? Just a 200 to say the verification is still valid, or do you also want to know the remaining TTL on this token for example, or anything else?

We could consider adding support for GET /api/user/verify-email/{verificationId} on the current API to return a 200 and perhaps a TTL or something like that.

Or a new API such as GET /api/user/verify-email/status/{verificationId} to explicitly ask for the status of this verificationId.

@dany13gd
Copy link
Author

Thank you @robotdan for the prompt response. Getting a 200 response would be great, but if you could add the TTL to the response it would be even better. This will allow for better management of email verification and for the user to decide whether to look for the email in their inbox or decide to forward an email.

@dany13gd
Copy link
Author

dany13gd commented Nov 12, 2024

But the idea would be to just check that the verificationId is still valid, meaning that if you go and look for your email with the verificationId it can be used.

This seems to be a better option:
/api/user/verify-email/status/{verificationId}

@dany13gd
Copy link
Author

Or @robotdan you could set that variable in the user info too, example:

{
    "user": {
        "active": true,
        "connectorId": "string",
        },
        "email": "[[email protected]](mailto:[email protected])",
        "id": "string",
        "insertInstant": number,
        "lastLoginInstant": number,
        "lastUpdateInstant": number,
        "memberships": [],
        "mobilePhone": "[(123) 1242135125](tel:1242135125)",
        "passwordChangeRequired": false,
        "passwordLastUpdateInstant": number,
        "preferredLanguages": [
            "en"
        ],
        "uniqueUsername": "email",
        "username": "email",
        "usernameStatus": "ACTIVE",
        "verified": false ,
        "verificationId": "ACTIVE" Or "INACTIVE"
    }
}

That way we can know if the verificationId is still valid.

@mooreds mooreds added the enhancement New feature or request label Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants