Require one-time email verification when signing in #216

Open
allanlasser opened this issue Dec 9, 2024 · 0 comments
Labels
auth Accounts and authorization design

@allanlasser

To enhance our sign-in flow and improve security for user accounts, we should prompt users to confirm their email if it's unverified.

  1. When signing in, check if the user's email is verified.
  2. If it is unverified, send them an email with a copyable verification code.
  3. Redirect the user to a page with a Verification Form, styled to appear as a sign-in step, and making sure to pass along the next query. This page should have an action for resending the code. It should not reveal the user's account email.
  4. After the user provides the correct code, redirect them to the URL in the next query param.

@allanlasser allanlasser added design auth Accounts and authorization labels Dec 9, 2024
@eyeseast eyeseast added this to the Redesign milestone Dec 9, 2024
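
A sketch of steps 2 to 4 of the flow proposed above, added here as an example and not code from this project: issuing and checking the emailed code, and validating `next` before the final redirect so the sign-in step cannot be used as an open redirect. The function names, the 6-digit format, the 10-minute lifetime, the five-attempt limit and the in-memory store are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlsplit

# Assumed policy values and names; none of them come from the issue.
CODE_TTL = 600                        # seconds a code stays valid
MAX_ATTEMPTS = 5                      # wrong guesses before the code is burned
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret in a real service
pending = {}                          # user_id -> record; stands in for a DB table


def _digest(user_id, code):
    # Keep only a keyed hash so a leaked table does not expose live codes.
    return hmac.new(SERVER_KEY, f"{user_id}:{code}".encode(), hashlib.sha256).digest()


def issue_code(user_id, now=None):
    """Create a 6-digit code; calling again (resend) invalidates the old one."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    pending[user_id] = {"digest": _digest(user_id, code),
                        "expires": now + CODE_TTL, "attempts": 0}
    return code  # goes into the email body only, never onto the page


def verify_code(user_id, submitted, now=None):
    """True once for the right code, within the TTL and attempt limit."""
    now = time.time() if now is None else now
    entry = pending.get(user_id)
    if entry is None or now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        pending.pop(user_id, None)
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["digest"], _digest(user_id, submitted.strip())):
        del pending[user_id]  # single use
        return True
    return False


def safe_next(next_url, default="/"):
    """Return next_url only if it is a same-site path, else the default."""
    if not next_url or "\\" in next_url or any(ord(c) < 0x20 for c in next_url):
        return default
    parts = urlsplit(next_url)
    if (parts.scheme or parts.netloc or not next_url.startswith("/")
            or next_url.startswith("//")):
        return default
    return next_url
```

The resend action from step 3 maps to calling `issue_code` again; a real deployment would also rate-limit how often that can happen per account.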