#email Account verification after customer signup


mortal silo
#

Has anyone implemented this? Basically email verification of a new account. Appreciate some examples or advice.

hallow anvil
#

Have not done it myself, but one option would be to use metadata. Set something like verified: false in the metadata. When they click on the link in the email you send, that interacts with a custom endpoint that can set verified to true.

mortal silo
#

We are now working on implementing this. Before I start, has anyone a solution in place? Would that mean in turn I need to check on every call that requires auth that the customer's email is verified?

obtuse trout
#

I believe this functionality should be part of Medusa core as it should affect the ability to log in. Otherwise what's the purpose of verifying emails if the user is able to fully access everything even before email is verified?

vestal hull
#

Until this is in core (which it should be), one option could be to save a verification key alongside the metadata verified flag and allow the user to do anything he wants other than place orders. This would be a soft way to handle this. It's OK to log in as an unverified user, as a user also needs to have the ability to resend any verification emails and this is one way of handling that, but lock up all the "dangerous/exploitable" stuff behind being verified.

opaque niche
#

We have done it; it has two modes: verified to place order and verified always. It's a bit of a pain to do; I would also prefer it to be in main.

mortal silo
#

Look into password reset logic. You can pretty much copy it.

#
1. Issue a token using JWT.
2. Send email including token as URL param.
3. Verify token on click on email button and set Boolean to true in the customer table.
#

I feel like this should be included in the core package at some point. Topic comes up all the time.
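
The three steps listed in the thread (issue a JWT, put it in the e-mail link, verify it on click), as an added example that is not part of the original thread and is not Medusa's own code. The function names, the `Map` standing in for the customer table, the `purpose` claim and the URL are assumptions; `metadata.verified` follows the flag suggested earlier in the thread.

```javascript
const crypto = require("node:crypto");

const b64u = (x) => Buffer.from(x).toString("base64url");
const sign = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest("base64url");

// Step 1: issue a short-lived HS256 JWT bound to the customer id AND the
// address being verified. The purpose claim (an assumption of this example)
// keeps it from doubling as a password-reset or session token.
function issueVerificationToken(customer, secret, ttlSec = 3600, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64u(JSON.stringify({
    sub: customer.id, email: customer.email, purpose: "email-verify",
    iat, exp: iat + ttlSec,
  }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret)}`;
}

// Step 2: the link placed in the e-mail (base URL is hypothetical).
function verificationUrl(baseUrl, token) {
  const url = new URL(baseUrl);
  url.searchParams.set("token", token);
  return url.toString();
}

// Step 3: called by the custom endpoint on click. Returns the updated
// customer record or throws; `customers` is a Map standing in for the table.
function verifyEmailToken(token, secret, customers, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, payload, sig] = parts;
  // Recompute with a fixed algorithm; the header's "alg" is never trusted.
  const expected = Buffer.from(sign(`${header}.${payload}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  if (claims.purpose !== "email-verify") throw new Error("wrong purpose");
  if (Math.floor(now / 1000) >= claims.exp) throw new Error("expired");
  const customer = customers.get(claims.sub);
  // Reject if the address changed after the token was issued.
  if (!customer || customer.email !== claims.email) throw new Error("stale token");
  customer.metadata.verified = true;
  return customer;
}
```

Routes that should stay closed to unverified customers, such as order placement, can then check `customer.metadata.verified` on the server side before proceeding.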