Is the email verification necessary when using oauth2 provider?

[PredragPeranovic]

Hi,

What is bugging me is that after authenticating using Google as an OAuth2 provider I need to verify my email.

So it looks like this:

1. Open the browser in incognito mode;
2. Hit Login in my app;
3. Click Signup using Google on the Fief login page;
4. Enter Google username and password on Google login page;
5. Confirm Google Two-factor auth on the phone;
6. Confirm my email address for Fief to send me verification code
7. Open the mail client to read Fief verification code
8. Enter the verification code on the web page;
9. Finally I got logged in.

I think that if I add an OAuth2 provider I can trust data from it, so steps 6,7, and 8 are not needed. It will be nice to have the option to disable them.

All best,
and great work so far.

[fief-bailiff[bot]]

Hail, @PredragPeranovic 👋 Welcome to Fief's kingdom!

Our team will get back to you very soon to help.

In the meantime, take a minute to star our repository ⭐️

Farewell!

[frankie567]

Actually, it depends 🙃

Some providers like Google indeed gives the information the email was verified or not. However, some others may not give this information (or don't verify emails at all).

For now, we don't have any specific logic given the provider, so the path is always the same no matter the provider. But this may something we improve in the future.

[PredragPeranovic]

Thanks for the feedback,

I didn't know about providers that don't validate email, because I have only used Google and internal Keycloak.