Enable email verification
important
Email verification is turned off by default. It is strongly encouraged to enable it to ensure the authenticity of your users.
There are two modes of email verification:
REQUIRED
: Requires that the user's email is verified before they can access your application's frontend or backend routes (that are protected with a session).OPTIONAL
: Adds information about email verification into the session, but leaves it up to you to enforce it on the backend and frontend based on your business logic.
#
Backend setup- NodeJS
- GoLang
- Python
- Other Frameworks
Important
import SuperTokens from "supertokens-node";
import EmailVerification from "supertokens-node/recipe/emailverification";
import Session from "supertokens-node/recipe/session";
SuperTokens.init({
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "...",
},
recipeList: [
EmailVerification.init({
mode: "REQUIRED", // or "OPTIONAL"
}),
Session.init(),
],
});
import (
"github.com/supertokens/supertokens-golang/recipe/emailverification"
"github.com/supertokens/supertokens-golang/recipe/emailverification/evmodels"
"github.com/supertokens/supertokens-golang/recipe/session"
"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
"github.com/supertokens/supertokens-golang/supertokens"
)
func main() {
supertokens.Init(supertokens.TypeInput{
RecipeList: []supertokens.Recipe{
emailverification.Init(evmodels.TypeInput{
Mode: evmodels.ModeRequired, // or evmodels.ModeOptional
}),
session.Init(&sessmodels.TypeInput{}),
},
})
}
from supertokens_python import init, InputAppInfo
from supertokens_python.recipe import session
from supertokens_python.recipe import emailverification
init(
app_info=InputAppInfo(
api_domain="...", app_name="...", website_domain="..."),
framework='...',
recipe_list=[
emailverification.init(mode='REQUIRED'), # or 'OPTIONAL'
session.init()
]
)
#
Frontend setup- ReactJS
- Angular
- Vue
You will have to make changes to the auth route config, as well as to the supertokens-web-js
SDK config at the root of your application:
This change is in your auth route config.
// this goes in the auth route config of your frontend app (once the pre built UI script has been loaded)
(window as any).supertokensUIInit("supertokensui", {
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "...",
},
recipeList: [
(window as any).supertokensUIEmailVerification.init({
mode: "REQUIRED", // or "OPTIONAL"
}),
],
});
This change goes in the supertokens-web-js
SDK config at the root of your application:
import SuperTokens from "supertokens-web-js";
import EmailVerification from "supertokens-web-js/recipe/emailverification";
import Session from "supertokens-web-js/recipe/session";
SuperTokens.init({
appInfo: {
apiDomain: "...",
appName: "...",
},
recipeList: [
EmailVerification.init(),
Session.init(),
],
});
You will have to make changes to the auth route config, as well as to the supertokens-web-js
SDK config at the root of your application:
This change is in your auth route config.
// this goes in the auth route config of your frontend app (once the pre built UI script has been loaded)
(window as any).supertokensUIInit("supertokensui", {
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "...",
},
recipeList: [
(window as any).supertokensUIEmailVerification.init({
mode: "REQUIRED", // or "OPTIONAL"
}),
],
});
This change goes in the supertokens-web-js
SDK config at the root of your application:
import SuperTokens from "supertokens-web-js";
import EmailVerification from "supertokens-web-js/recipe/emailverification";
import Session from "supertokens-web-js/recipe/session";
SuperTokens.init({
appInfo: {
apiDomain: "...",
appName: "...",
},
recipeList: [
EmailVerification.init(),
Session.init(),
],
});
important
SuperTokens will trigger verification emails by redirecting the user to the email verification path when the mode is set to REQUIRED
. If you have set the mode to OPTIONAL
or are NOT using the SessionAuth
wrapper, you will need to manually trigger the verification email. Our guide on protecting API and website routes will go over the changes that need to be made.
Additionally, note that SuperTokens does not send verification emails post user signup. The user needs to be redirected to the email verification path to trigger the sending of the verification email. This is done automatically when using the prebuilt UI and in REQUIRED
mode.