-
Notifications
You must be signed in to change notification settings - Fork 29
[Question] Forced verify email after password sign up #18
Comments
Please file questions at Stack Overflow, this issue tracker should be use to file bugs! But I'm in a good mood today :) You should implement this yourself. In the guide you find a PHP example how you can determine if a user is logged in: https://developers.google.com/identity/toolkit/web/quickstart/php In short call the GitKit client module: $gitkitClient = Gitkit_Client::createFromFile(dirname(__FILE__) . '/gitkit-server-config.json');
$gitkitUser = $gitkitClient->getUserInRequest(); Check if the user is logged in, if the e-mail is verified. And if not show the verify link if ($gitkitUser) {
echo $gitkitUser->getEmail() . "\n";
echo $gitkitUser->isEmailVerified() . "\n";
if($gitkitUser->isEmailVerified() == false) {
echo $gitkitClient->getEmailVerificationLink($gitkitUser->getEmail()) . "\n";
}
} |
I have already known that, but I wonder is it ok if a user is created an account by using password (email is not verified) and I don't want to force my user to verify their email? In other words, does it necessary to do email verification? |
It is up to you whether you want to verify an account email or not. You are not forced to. However if you want to, you have to implement it yourself. However the email verification link has to be emailed to the user's email for them to verify it. You want to make sure the user actually owns that email. Once they click on the oob link you emailed, they will be taken to the widget page to complete verification. |
@bojeil good point. In extension, It's better to encapsulate the OOB link in your own application so that the oob link url match the domain of the outgoing e-mail. Otherwise your e-mail could be marked as spam. |
Thank you very much! This is my first time of implementing a user system with 3rd party system, so I did not sure about "what I should and what I should not". |
Does Gitkit has this behaviour built-in on client-side code? Or I have to implement it myself?
After entering the password and finished creating an account, user is redirected to sign_in_success_url, without knowing about verifying email step. So, do we really need to verify email if we use Gitkit's flow?
The text was updated successfully, but these errors were encountered: