Change user email
I'm implementing a feature to allow users to change their email. I'm using the API: https://zitadel.com/docs/apis/resources/auth/auth-service-set-my-email. A user noticed that ZITADEL updates the email without verifying whether the email address actually exists. As a result, if the user enters an incorrect email, they won't be able to enter the verification code when logging in again. How can you handle this issue effectively?
8 Replies
Update the mail:
https://zitadel.com/docs/apis/resources/user_service_v2/user-service-set-email
Remember to set
isVerified = false
To (re)send the verification mail, use these:
https://zitadel.com/docs/apis/resources/user_service_v2/user-service-send-email-code and/or https://zitadel.com/docs/apis/resources/user_service_v2/user-service-resend-email-code
For the verification, depending on whether your application or Zitadel handles that, this one might come in handy:
https://zitadel.com/docs/apis/resources/user_service_v2/user-service-verify-email
What will happen if I enter the wrong email without verifying and log out of that session? ❤️
In addition, I want to implement the feature of linking a ZITADEL account with Google and Facebook. Suppose I have already logged in and arrived at my website, and now I want to implement the account linking feature. Can you help me outline the flow for this process?
If you enter the wrong email, the wrong person (or no one) retrieves the verification code, thus the account likely doesn't get verified. I'm not sure how Zitadel handles that in the long run. Maybe there's some sort of cleanup? Otherwise you might want to implement a cleanup routine yourself.
So the user can never log in to their account again, right? 😦
There's an article about account linking: https://zitadel.com/docs/concepts/features/account-linking
ZITADEL Docs
ZITADEL supports linking of user accounts from different external identity providers such as social logins or enterprise IdPs.
Technically it isn't their account then. 😄 While it is an account, it isn't registered to them. Also, it isn't a proper account as it doesn't get verified.
Thanks bro, one more question: I want to perform account linking via API. Can you help me outline the flow?
ZITADEL Docs
Add link to an identity provider to an user..