Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Password authentication is missing email_verification_id in unverified email exception #309

Open
chan-vince opened this issue Aug 1, 2024 · 2 comments

Comments

@chan-vince
Copy link

chan-vince commented Aug 1, 2024

The AuthorizationException exception raised when trying to sign in with an unverified email is missing key information to be able to do custom verification of the user.

  1. Ensure password authentication is enabled.
  2. Invite a new user so they are in an organization, but do not have a verified email address yet.
  3. Call the authenticate_with_password() API. It will return an AuthorizationException and I was expecting to be able to get the email_verification_id from it, in order to use get_email_verification() to retrieve the code and do our own custom emails. However email_verification_id is missing from the exception.

When doing the equivalent of authenticate_with_password() with the REST API via curl, it does actually return email_verification_id:

➜ curl --request POST \
  --url https://api.workos.com/user_management/authenticate \
  --header "Content-Type: application/json" \
  -d @- <<BODY
  {
    "client_id": "client_123456789",
    "client_secret": "sk_test_somelongchars",
    "grant_type": "password",
    "email": "user@example.com",
    "password": "mypassword"
}
BODY
{"code":"email_verification_required","message":"Email ownership must be verified before authentication.","email":"user@example.com","pending_authentication_token":"GODRifg8dOiqJzuNrxp7y0nLP","email_verification_id":"email_verification_01J45GMD0K8XJE48Z3QNKBRWTB"}

Am I mistaken for expecting the python sdk to match the curl response, or am I missing something?

@chan-vince
Copy link
Author

I can get around this issue by reading the response text directly through the exception:

json.loads(exc.response.text)["email_verification_id"]

but I was expecting to be able to just do exc.email_verification_id just like I can do exc.pending_authentication_token for example.

@PaulAsjes
Copy link
Contributor

Sorry for the delay here, we've confirmed the problem and are working on a fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants