Add a feature to check the validity and expiry of verificationId to confirm the email through an API.

[dany13gd]

Problem

Currently, there is no way to check the validity and expiration of verificationId via an API. The only way to know if it is invalid or expired is via the 404 response by hitting POST /api/user/verify-email/{verificationId}. However, it is important to note that this method consumes the verificationId, meaning you will not be able to use it again for actual email verification. Therefore, this approach is not ideal for all use cases.

Solution

It would be great if FusionAuth could add a feature to check the validity and expiration of verificationId via an API to improve the unverified email workflow.

[robotdan]

Thanks for the request @dany13gd.

If we added an API for this -what type of information you are you looking for? Just a 200 to say the verification is still valid, or do you also want to know the remaining TTL on this token for example, or anything else?

We could consider adding support for GET /api/user/verify-email/{verificationId} on the current API to return a 200 and perhaps a TTL or something like that.

Or a new API such as GET /api/user/verify-email/status/{verificationId} to explicitly ask for the status of this verificationId.

[dany13gd]

Thank you @robotdan for the prompt response. Getting a 200 response would be great, but if you could add the TTL to the response it would be even better. This will allow for better management of email verification and for the user to decide whether to look for the email in their inbox or decide to forward an email.

[dany13gd]

But the idea would be to just check that the verificationId is still valid, meaning that if you go and look for your email with the verificationId it can be used.

This seems to be a better option:
/api/user/verify-email/status/{verificationId}

[dany13gd]

Or @robotdan you could set that variable in the user info too, example:

{
    "user": {
        "active": true,
        "connectorId": "string",
        },
        "email": "[email@email.com](mailto:email@email.com)",
        "id": "string",
        "insertInstant": number,
        "lastLoginInstant": number,
        "lastUpdateInstant": number,
        "memberships": [],
        "mobilePhone": "[(123) 1242135125](tel:1242135125)",
        "passwordChangeRequired": false,
        "passwordLastUpdateInstant": number,
        "preferredLanguages": [
            "en"
        ],
        "uniqueUsername": "email",
        "username": "email",
        "usernameStatus": "ACTIVE",
        "verified": false ,
        "verificationId": "ACTIVE" Or "INACTIVE"
    }
}

That way we can know if the verificationId is still valid.

[dany13gd]

Thank you very much for taking into account the suggestion, if both could be implemented:

this one:
Or a new API such asGET /api/user/verify-email/status/{verificationId}to explicitly ask for the status of this verificationId.

And this one:

{
    "user": {
        "active": true,
        "connectorId": "string",
        },
        "email": "[email@email.com](mailto:email@email.com)",
        "id": "string",
        "insertInstant": number,
        "lastLoginInstant": number,
        "lastUpdateInstant": number,
        "memberships": [],
        "mobilePhone": "[(123) 1242135125](tel:1242135125)",
        "passwordChangeRequired": false,
        "passwordLastUpdateInstant": number,
        "preferredLanguages": [
            "en"
        ],
        "uniqueUsername": "email",
        "username": "email",
        "usernameStatus": "ACTIVE",
        "verified": false ,
        "verificationId": "ACTIVE" Or "INACTIVE"
    }
}

would be great.