• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Token difference when account hasn't been verified

Scheduled Pinned Locked Moved
Q&A
email verification jwt
1
2
2.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dan
    last edited by 7 Aug 2020, 15:17

    I have a question about account verification: is the only difference between an account which is verified and one which is not that the id_token returned for the unverified user will have email_verified set to false in the JWT?

    This is relevant because we might want to disable functionality until the user has been verified.

    --
    FusionAuth - Auth for devs, built by devs.
    https://fusionauth.io

    1 Reply Last reply Reply Quote 0
    • D
      dan
      last edited by 7 Aug 2020, 15:18

      The JWT (id_token or access_token) will contain the email_verified claim with a value of true or false, so if you wish to limit privilege based upon this state, that would be a good way to do it.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post