Email verification not working as I would expect

I have a pretty simple BetterAuth setup. I am just trying to do a simple emailSignUp with email verification flow. I followed the docs page on email sign up.

```ts
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { nextCookies } from "better-auth/next-js";
// `db` (the Drizzle instance) and `sendEmail` come from the app's own modules.

export const auth = betterAuth({
  emailVerification: {
    // Called with the verification link for the newly created user.
    sendVerificationEmail: async ({ user, url, token }, request) => {
      // Debug output: this writes the verification token to the server log.
      console.log(
        "Sending verification email to:",
        user.email,
        "with token:",
        token,
        "url:",
        url
      );
      await sendEmail({
        to: user.email,
        subject: "Verify your email address",
        text: `Click the link to verify your email: ${url}`,
        html: `<p>Click the link to verify your email: <a href="${url}">${url}</a></p>`,
      });
    },
  },
  emailAndPassword: {
    requireEmailVerification: true,
    enabled: true,
  },
  database: drizzleAdapter(db, {
    provider: "pg", // or "mysql", "sqlite"
  }),
  plugins: [nextCookies()],
});
```
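In my signUp server action I have this:

```ts
// Inside the server action; `email` and `password` come from the submitted form,
// and `tryCatch` is the app's own helper that returns { error } instead of throwing.
const { error } = await tryCatch(
  auth.api.signUpEmail({
    body: {
      email,
      name: email,
      password,
    },
  })
);
```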
I receive the email just fine, with the token:

Click the link to verify your email: http://localhost:3000/api/auth/verify-email?token=eyJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6ImxramFkc2ZAYXNkZi5jb20iLCJpYXQiOjE3NDcxNDQ3NDEsImV4cCI6MTc0NzE0ODM0MX0.4q3y1JxTFGK4joYJrsat-2sTZRj3vAY05PnaonYogXk&callbackURL=/

When I click on that link, I get the attached screenshot in the network tab. No errors, no feedback. No entries in my mytable_verifications either. The signUp creates an account, and I can sign in with that account right away.
4 Replies
Tyler (OP), 4mo ago
I think because I am doing stuff server-side, things are different? Also, I notice that the users table has a verified t/f column. When I do a signUpEmail, the user is verified False, which is correct. But they still get a session cookie that allows them to access protected pages. So if I do things server side, am I expected to check if the user is verified on a server-side page, and then show them that verification is required to continue?
Soheel, 4mo ago
Email verified by default is irrelevant to the authentication status of the user. You can, however, set a flag somewhere to require a verified email to allow logging in.

My bad, didn't see you had it active. Then I wonder why the user gets logged in if the email is not verified.

Ah, I see: I have "autoSignIn" set to false additionally. That might be what allows users in your case to instantly log in on signup.
Tyler (OP), 4mo ago
I think it's because authentication and authorization are different things, which checks out, albeit confusing. I think the user specifying the correct email and password technically authenticates them, but then it's still up to the application to decide whether or not to authorize them.
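
The split between authentication and authorization that this thread ends on can be enforced server-side with a gate like the one below. This is an added example, not part of the original posts and not Better Auth's own code. The session shape, the route paths and the function names are assumptions made for illustration.

```typescript
// Added example. The session shape is an assumption modeled on a { user, session }
// server-side lookup result; route paths and function names are hypothetical.
type SessionLike = {
  user: { id: string; email: string; emailVerified?: boolean };
  session: { expiresAt: Date };
} | null;

type Decision =
  | { allow: true }
  | { allow: false; reason: "unauthenticated" | "expired" | "unverified"; redirectTo: string };

// Routes an unverified user must still reach. A trailing slash means "prefix".
const UNVERIFIED_ALLOWED = ["/verify-email", "/api/auth/"];

function allowedWhileUnverified(path: string): boolean {
  return UNVERIFIED_ALLOWED.some((p) =>
    p.endsWith("/") ? path.startsWith(p) : path === p || path.startsWith(p + "/"));
}

// `path` is assumed to be the already-normalized request pathname.
function authorizeRequest(s: SessionLike, path: string, now: Date = new Date()): Decision {
  // Authentication: is there a live session at all?
  if (!s) return { allow: false, reason: "unauthenticated", redirectTo: "/sign-in" };
  if (s.session.expiresAt.getTime() <= now.getTime()) {
    return { allow: false, reason: "expired", redirectTo: "/sign-in" };
  }
  // Authorization: fail closed unless emailVerified is strictly true.
  if (s.user.emailVerified !== true && !allowedWhileUnverified(path)) {
    return { allow: false, reason: "unverified", redirectTo: "/verify-email" };
  }
  return { allow: true };
}

// Collapses a decision to a single label for logging or tests.
function outcome(d: Decision): string {
  return d.allow ? "allow" : d.reason;
}

// Constructed sample sessions (not real accounts).
const sampleNow = new Date("2025-01-01T00:00:00Z");
const sampleExpiry = new Date("2025-01-02T00:00:00Z");
const unverifiedSession: SessionLike = {
  user: { id: "u1", email: "a@example.com", emailVerified: false },
  session: { expiresAt: sampleExpiry },
};
const verifiedSession: SessionLike = {
  user: { id: "u2", email: "b@example.com", emailVerified: true },
  session: { expiresAt: sampleExpiry },
};
```

Run the gate on every protected server-rendered page and server action, since a session cookie alone only shows that the credentials were correct.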
