Email Verification.
In my project I am using credential login and I want to add email verification to it. How can I do it? I was going to watch a video about Auth.js for it, but since T3 already provides some stuff I wanted to ask here first. What should I begin with? And are the tokens in the database schema about verification tokens?
9 Replies
I highly recommend reading The Copenhagen Book by the creator of Lucia. You can also reference Lucia's example project with email verification implemented.
It's not exactly Auth.js, but the concepts are exactly the same!
GitHub - lucia-auth/example-nextjs-email-password-2fa: Email and pa...
Email and password example with 2FA in Next.js.
thanks!
Yeah, it's a good example, but I will say there are different email verification methods.
The first uses a one-time passcode and the other uses a link, or email magic link.
With a one-time passcode, it's still vulnerable to exploit since the auth example doesn't consider attempt failures.
But it's fine if this is just a hobby project.
OWASP also gives guidelines for the correct messages to show the client when doing email verification.
thanks a lot
I have one more question: should I use this for email verification? T3 automatically created it when I created the project.
That's pretty common; even in the Auth0 database schema example they have that.
It doesn't include everything needed in terms of security.
But it covers the basics of OTP or email magic links.
alright thanks!
What's missing from the OTP auth example? It includes rate limiting, an auth check, and both the token and cookies have an expiration date.
It doesn't include the validation.
It's just a template, is what I'm saying,
but it does not cover everything with regard to security.
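
The points raised in the thread about one-time passcodes (expiry, single use, counting failed attempts), shown as an added example that is not from any participant, Lucia, Auth.js or T3. The record shape, the in-memory `store`, `MAX_ATTEMPTS`, `TTL_MS` and the function names are assumptions chosen for illustration; a real project would persist the record in its verification-token table.

```typescript
import { createHash, randomInt, timingSafeEqual } from "node:crypto";

// Hypothetical record: a verification-token row extended with a failure counter.
interface EmailOtp {
  codeHash: Buffer;       // SHA-256 of the code; the plaintext is only emailed
  expiresAt: number;      // epoch milliseconds
  failedAttempts: number; // wrong guesses against this code
}

const MAX_ATTEMPTS = 5;        // assumed limit
const TTL_MS = 10 * 60 * 1000; // assumed lifetime: 10 minutes
const store = new Map<string, EmailOtp>(); // stand-in for the database table

const hashCode = (code: string): Buffer =>
  createHash("sha256").update(code).digest();

// Issue a fresh 8-digit code, replacing any earlier one for this address.
// Issuance itself must be rate limited separately, since it resets the counter.
function issueOtp(email: string, now: number = Date.now()): string {
  const code = randomInt(0, 100_000_000).toString().padStart(8, "0");
  store.set(email, {
    codeHash: hashCode(code),
    expiresAt: now + TTL_MS,
    failedAttempts: 0,
  });
  return code;
}

type VerifyResult = "verified" | "invalid" | "expired" | "locked";

function verifyOtp(email: string, submitted: string, now: number = Date.now()): VerifyResult {
  const rec = store.get(email);
  if (!rec) return "invalid";
  if (now >= rec.expiresAt) {
    store.delete(email);
    return "expired";
  }
  // Once the limit is hit, even the correct code is refused until a new one is issued.
  if (rec.failedAttempts >= MAX_ATTEMPTS) return "locked";
  // Both digests are 32 bytes, so the constant-time comparison never throws.
  if (timingSafeEqual(hashCode(submitted), rec.codeHash)) {
    store.delete(email); // single use
    return "verified";
  }
  rec.failedAttempts += 1;
  return rec.failedAttempts >= MAX_ATTEMPTS ? "locked" : "invalid";
}
```

The four result values are for server-side logic; what the client is shown can be a single generic message.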