Does Better Auth use emailVerified?
Does the signed-in user's value of emailVerified change any behaviors of Better Auth? Or, is it up to the application to implement permissions and UI based on emailVerified? Or both?
2 Replies
As every senior engineer would say: It depends.
If you configure better auth to require email verification, then a user cannot login (create a session), and must verify their email before proceeding. iirc it tries to send the verification email on login attempt when the user has not verified their email but I can't remember exactly.
Documentation wise for the change email functionality in better auth it states that if the user's email is verified and they try to change their email it will send a email to the existing email to verify the change but I also remember reading somewhere in this discord that the documentation is incorrect and that it sends the email verification anyways (but I think I'm confusing that for the account deletion login)
If you don't use any of those built-in functionality, I think it's just a boolean you can decide what to do with
Thanks @The Untraceable for your insights. I haven't observed what you describe about emailVerified preventing login but that's the sort of thing I was asking about. It likely works just as you say. I probably should write some E2E tests to nail down Better Auth's behavior with emailVerified.
In general, your statement that emailVerified is "just a boolean" seems right.
Thanks again.