Token difference when account hasn't been verified



  • I have a question about account verification: is the only difference between an account which is verified and one which is not that the id_token returned for the unverified user will have email_verified set to false in the JWT?

    This is relevant because we might want to disable functionality until the user has been verified.



  • The JWT (id_token or access_token) will contain the email_verified claim with a value of true or false, so if you wish to limit privilege based upon this state, that would be a good way to do it.



Looks like your connection to FusionAuth Forum was lost, please wait while we try to reconnect.