BA
Better Auth4mo ago
swtbtl

auth.api.changeEmail updates email immediately even when user is verified (unlike client flow)

Steps to reproduce: 1. Set up Better Auth with changeEmail.enabled: true and a working sendChangeEmailVerification function. 2. Call this on the server: 
await auth.api.changeEmail({
  body: { newEmail: "[email protected]" },
  headers: request.headers
});
await auth.api.changeEmail({
  body: { newEmail: "[email protected]" },
  headers: request.headers
});
3. Make sure the user has a verified current email. 4. You'll notice: * A verification email is sent to the current email ✅ * But the user's email is updated instantly, without waiting for them to click the link ❌ --- Expected behavior: Just like authClient.changeEmail, it should wait until the user clicks the verification link before updating their email. Actual behavior: Email is updated immediately on the backend, even though the user was verified. --- Version: better-auth@1.2.9 Environment: 
OS: Ubuntu 24.04
Browser: N/A (server-side issue)
OS: Ubuntu 24.04
Browser: N/A (server-side issue)
Affected area: 🛠️ Backend --- Relevant config: 
user: {
  changeEmail: {
    enabled: true,
    sendChangeEmailVerification: async ({ user, url, token }, request) => {
      console.log('First verification email sent!', user, url, token);
    },
  },
},
emailVerification: {
  sendVerificationEmail: async ({ user, url, token }, request) => {
    console.log('Second verification email sent!', user, url, token);
  },
},
user: {
  changeEmail: {
    enabled: true,
    sendChangeEmailVerification: async ({ user, url, token }, request) => {
      console.log('First verification email sent!', user, url, token);
    },
  },
},
emailVerification: {
  sendVerificationEmail: async ({ user, url, token }, request) => {
    console.log('Second verification email sent!', user, url, token);
  },
},
--- Extra context: Feels like the server API isn’t waiting for verification before saving the new email. Might be a logic gap.
0 Replies
No replies yetBe the first to reply to this messageJoin

Did you find this page helpful?