@eldadfux
Last active May 1, 2024 14:49
Appwrite's Email Verification

The Appwrite email verification process helps you verify that a project user really owns the email address they signed up with. Completing the process lets the user update the emailVerification attribute of their user object to true.

The email verification process consists of 2 parts:

  1. Sending the confirmation email
  2. Confirming the verification process

By default, unverified users are not restricted in any special way. It's up to you and your app logic to decide how these users are treated. You can prompt them with a verification message or limit their access to your application.

Future possibilities:

From v0.9, you'll also be able to deny unverified users access to your project resources (documents, files, functions, and more) by using the user:[USER_ID]/verified permission role, which is only available to verified users.

Sending the Confirmation Email

To start the process, you have to trigger the accountCreateVerification method from your relevant client SDK. Note that this method is only available for logged-in users. Your user needs to have a valid session to trigger this API call.

Web:

let sdk = new Appwrite();

sdk
    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
    .setProject('5df5acd0d48c2') // Your project ID
;

let promise = sdk.account.createVerification('https://example.com/callback-page');

promise.then(function (response) {
    console.log(response); // Success
}, function (error) {
    console.log(error); // Failure
});

Flutter:

import 'package:appwrite/appwrite.dart';

void main() { // Init SDK
  Client client = Client();
  Account account = Account(client);

  client
    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
    .setProject('5df5acd0d48c2') // Your project ID
  ;
  Future result = account.createVerification(
    url: 'https://example.com/callback-page',
  );

  result
    .then((response) {
      print(response);
    }).catchError((error) {
      print(error.response);
  });
}

The createVerification method accepts one parameter, which is the callback URL. The Appwrite backend will use this URL to redirect your user back to your app to complete the verification process after the user has clicked the link in the verification email in their inbox.

The callback URL will be opened for your users with parameters attached by Appwrite as a query string. For example, if you used https://example.com/callback-page as the callback page, your user will open a link similar to: https://example.com/callback-page?userId=xxx&secret=yyy. You could use your callback page to complete the verification process or redirect back to your mobile app.

Confirming the Verification Process

Once your user is back on your website or in your app, you can use both the userId and secret params provided as part of the callback URL to complete the verification using the updateVerification method. Note that this method is only available for logged-in users. Your user needs to have a valid session to trigger this API call.

Web:

let sdk = new Appwrite();

sdk
    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
    .setProject('5df5acd0d48c2') // Your project ID
;

let promise = sdk.account.updateVerification('[USER_ID]', '[SECRET]');

promise.then(function (response) {
    console.log(response); // Success
}, function (error) {
    console.log(error); // Failure
});

Flutter:

import 'package:appwrite/appwrite.dart';

void main() { // Init SDK
  Client client = Client();
  Account account = Account(client);

  client
    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
    .setProject('5df5acd0d48c2') // Your project ID
  ;
  Future result = account.updateVerification(
    userId: '[USER_ID]',
    secret: '[SECRET]',
  );

  result
    .then((response) {
      print(response);
    }).catchError((error) {
      print(error.response);
  });
}

Note: for security reasons, the secret token provided to the user by email is valid for seven days.
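
A callback-page handler for the web flow described above, as an added example that is not part of the original gist or of Appwrite's code. It rejects malformed links and removes the secret from the address bar before calling updateVerification, so the token is not kept in browser history or sent in Referer headers. The helper names parseVerificationCallback, completeVerification and replaceUrl are hypothetical; `account` is assumed to be the sdk.account object from the snippets above.

```javascript
// Added example: handle https://example.com/callback-page?userId=xxx&secret=yyy
// Helper names are hypothetical; only account.updateVerification comes from the page.

function parseVerificationCallback(callbackUrl) {
    const url = new URL(callbackUrl);
    const result = {};
    for (const name of ['userId', 'secret']) {
        const values = url.searchParams.getAll(name);
        // Reject missing, empty or repeated parameters instead of guessing.
        if (values.length !== 1 || values[0] === '') {
            throw new Error('Invalid verification link: bad "' + name + '" parameter');
        }
        result[name] = values[0];
        url.searchParams.delete(name);
    }
    // Same URL without the verification parameters; other query values are kept.
    result.cleanUrl = url.toString();
    return result;
}

async function completeVerification(account, callbackUrl, replaceUrl) {
    const { userId, secret, cleanUrl } = parseVerificationCallback(callbackUrl);
    // Scrub the secret from the visible URL before any other request is made.
    replaceUrl(cleanUrl);
    try {
        await account.updateVerification(userId, secret);
        return { verified: true };
    } catch (error) {
        // For example a secret older than seven days, or the rate limit being hit.
        return { verified: false, reason: String((error && error.message) || error) };
    }
}

// In the browser, with the configured sdk from the snippets above:
// completeVerification(sdk.account, window.location.href,
//     (u) => window.history.replaceState(null, '', u));
```
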

Abuse Control

Both verification endpoints are limited to 10 requests every 60 minutes per user account. We use rate limits to avoid service abuse by users and as a security practice. You can learn more about Appwrite rate limiting.

@Akash-Pati
Hi Appwrite Team,
Below is just a request to have this feature configured at your end. I have been an Appwrite user for a couple of years, and one of my clients wants to create accounts with OTP email verification instead of a URL. Can you please try to integrate it? That would be very useful for everyone.

Thanks and regards
Akash Ranjan Pati

@snr-lab
snr-lab commented May 1, 2024

Hi Appwrite Team, Below is just a request to have this feature configured at your end. I have been an Appwrite user for a couple of years, and one of my clients wants to create accounts with OTP email verification instead of a URL. Can you please try to integrate it? That would be very useful for everyone.

Thanks and regards Akash Ranjan Pati

This will be really helpful where the app is available in Android and iOS