FormField email verification - Numerical code & JWT content
-
Hello,
I have two questions for which I haven't found an answer anywhere in the documentation or among the issues.
-
Using FormField email verification strategy, is it possible to configure it to only send numerical codes (12345) instead of alphanumerical codes (A1B2C) ?
-
In our application, we only use the FusionAuth API and we want to enforce the gated behavior for unverified user. Thus we expected to get verified status in their JWT OAuth token but it seems to not be the case. Our current workaround is on every user request, query its user data from FustionAuth API and check that "verified: true" or return an error. Is our workaround the only solution or did we miss something ?
NB: We are on paid starter plan.
Kind regards,
Maxime -
-
Hello @maxime-aerts,
As for your first question, I don't think you can change the values to only send numerical codes, but I will look into a bit deeper. I will let you know if I find otherwise or anyone feel free to jump in if you know.
For the second question, have you looked at Lambdas? You should be able to add the user.verified value to the JWT.
It would look something like this.
function populate(jwt, user, registration) { // Add a new claim named 'user_verified' from a data attribute on the user jwt.user_verified = user.verified; }
If you need more help on how to create a Lambda, just let me know.
-
@mark-robustelli Indeed, we didn't know about Lambdas and this seems to do the trick. Thank you!
-
@maxime-aerts There may be a way to control the format the verification is sent.
Please:
- Go into the Admin UI
- Select Tenants
- Select Edit for the Tenant you want to change
- Select the Advanced tab
- Scroll down to the External identifier generation section
- Find Email verification
- Choose Digits
There are other settings that may work for you as well depending on what you are trying to do. Please test it out and let me know if this works for you. Please keep in mind, you will be reducing the randomness and in turn the security of such identifiers.