Email Verification
AuthFort provides email verification to confirm user email ownership. The flow is programmatic — you control how to deliver verification tokens (email, etc.). AuthFort never sends emails directly.
Verification Flow
Section titled “Verification Flow”-
Generate a verification token
token = await auth.create_email_verification_token(user_id) # Returns token string, or None if already verified / user not foundtoken = await auth.create_email_verification_token(user_id) # Returns token string, or None if already verified / user not foundReturns a random token string, or
Noneif the user is already verified or not found. -
Deliver the token
Register an event hook to deliver the token. AuthFort doesn’t send emails.
@auth.on("email_verification_requested") async def send_verification(event): await send_email( to=event.email, body=f"https://myapp.com/verify?token={event.token}", )@auth.on("email_verification_requested") async def send_verification(event): await send_email( to=event.email, body=f"https://myapp.com/verify?token={event.token}", )Always return a success response to your client regardless of the result to prevent email enumeration.
-
Verify the email
Via the built-in endpoint:
POST /auth/verify-email Content-Type: application/json {"token": "..."}POST /auth/verify-email Content-Type: application/json {"token": "..."}Or programmatically:
result = await auth.verify_email(token) # Returns True, raises AuthError if invalid/expiredresult = await auth.verify_email(token) # Returns True, raises AuthError if invalid/expired
How It Works
Section titled “How It Works”Tokens are single-use and expire after email_verify_ttl seconds (default: 24 hours). After successful verification, the user’s email_verified field is set to True.
Events
Section titled “Events”Emits email_verification_requested (includes token for delivery) and email_verified events.
See Events & Hooks for all events and their payloads.