How to access email in `verify-email` route when verifying email OTP?
I'm handling all my authentication server-side using SvelteKit.
I have
requireEmailVerification: true and trigger an emailOTP to be sent upon user creation. This sends a user to a /verify-email route where they can insert their OTP. However, my server here doesn't know the email address of the user so cannot verify the OTP because it doesn't know what user/email to associate it with.
How can I best solve this? I thought of passing the email as a query param, but that's unsafe. Any tips? Maybe the one-time token? Problem is that user needs to have verified their email before they can log in.2 Replies
There isn't really a good way to do this besides putting it in a query param.
If you don't want to do that then you'll just have to have an email input field for the user to input.
Other then that you can probably use the magicLink plugin which would in theory solve this specific issue you're facing.
Thanks for the response. I was able to solve this by using a JWT which I both use on the redirect to the
/verify-email page and add to the OTP verification page.
I believe guidance on this use case is missing from the documentation and think it should be added. Is this something I could contribute to?