I am facing a problem with a “Reset password” flow. When a user wants to reset the password of their account, I want to check if their email has been verified or not. If it’s not verified, I will send a “magic link” to simulate a verify email flow where they can follow the link in their inbox and verify their email using the new manual email token/verify system
Before the user is logged in, I perform a “Do a search for Users” and check if the email that they provide in an input corresponds to a user. If it does, I want to check and see if the email is verified. The problem is that no matter if the email is verified or not the email’s confirmed always returns “no”. If manually login as the user, well, I can see if it returns “yes” … once I log out, it returns no again.
It seems to do with a “Privacy” issue but the problem is that by the nature that the person is trying to reset their password, they are not logged in!
Does anyone know a way of doing this?
I absolutely do not want to create a new field in the user and manually manage “Is Verified” with a yes/ no. That is a band-aid solution to a much bigger problem.