Skip to main content
important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Only add validators in REQUIRED mode in the email verification recipe

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status:
proposed
Deciders:
rishabhpoddar, porcellus
Proposed by:
porcellus
Created:
2022-12-01

Context and Problem Statement#

The new hasAccess function (see this decision) would return hasAccess: false for a session with an unverified email even in OPTIONAL mode (and always in web-js) currently.

Considered Options#

  • Add invalidClaims to the hasAccess: true return type of hasAccess
  • Only add validators in REQUIRED mode in the email verification recipe

Decision Outcome#

We should only add validators in REQUIRED mode in the email verification recipes, because:

  • hasAccess: true with invalid claims seems a bit weird.
  • It would complicate claims further if we allowed them to only optionally disallow access.

As a consequence:

  • We should add mode param to the email verification recipe in web-js.
  • In both SDKs, the OPTIONAL mode should not add the email verification claim to the global claim validators.