Email verification fails in new incognito mode
-
I'm doing a PoC with fusion auth to see if we can migrate from our current IdP provider.
I noticed that when I register an account, if I copy the email verification to a new incognito window, the verification fails with the error Sorry. The request contains an invalid or expired verification Id. You may need to request another verification to be sent.. To verify the email I need to request a new verification and enter it in the same window which is not very user friendly.
I want to check if this is on purpose as this is a common situation on mobiles (e.g. using Chrome to register on a site, but embedded safari when clicking on a link). If this is by design, is there a way to change the behaviour so the link works regardless of the state of the browser?
Also, is there a way to verify the email when the user clicks the link rather than requiring to click 'continue' as a confirmation?
-
-
@mark-robustelli sorry for the late reply.
Thanks to your email I just found the issue in another thread: https://fusionauth.io/community/forum/topic/1406/link-in-email-verification-not-working-first-time
The key was to read the documentation shared by Joshua (https://fusionauth.io/docs/v1/tech/tutorials/gating/gate-accounts-until-user-email-verified/#troubleshooting-email-and-registration-verification).
The issue was that I had selected the wrong email template. I had selected
Email Verification
when the correct one wasRegistration Verification
.And hijacking my question: is there a way to automatically verify the email when the user clicks on the link in the email rather than ask for confirmation? I like the idea of a 2nd confirmation as it should stop some email scanners that click on all links in an email, but it's also good to have the least amount of friction.
-
@pocfused said in Email verification fails in new incognito mode:
https://fusionauth.io/community/forum/topic/1406/link-in-email-verification-not-working-first-time
Glad you were able to solve your issue.
As far as the automatically verify the email part. What settings do you have for Applications -> Your Application -> Registration -> Verification strategy? There is a setting Clickable link. Is that what you are after?
Another thought would simply turning off Verify registrations in the Applications -> Your Application -> Registation tab work for you or do you still want the user to actually have to click on a link? (It would make sense to ensure the user owns the email address.)
You could also do something like provide a custom template and direct them to your application and then automatically verify them using the APIs. Check out this blog post.
Good luck.