Email Address and Mobile Number verification during authentication
The Sign In view of the OpenID Connect authentication process can be configured to ask the user to verify their Email Address or their Mobile Number before they are redirected to the client application.
Configuration
This enforcement of communication method verification can be configured in the OpenID Connect Client editor with these options:
Require verified comm method to authenticate
If one of these options is selected, and an User tries to sign in to your app without having the selected communication method already verified, they are asked to immediately verify it. Immediate verification means they are sent a message with a verification code, and they must enter it on screen. They cannot continue to your app before they have verified all selected communication methods.
If the User doesn’t have an Email address or a Mobile number, but it is required by selection here, the User cannot sign in at all. At the time of this writing the sign in process does not allow the User to enter an address or number in this situation.
Suggest immediate verification with a code during authentication
If an User tries to authenticate and they don’t have the selected communication method verified yet, they are asked to verify it immediately with a code. They can optionally skip the verification.
Suggest verification with a link during authentication
If an User tries to authenticate and they don’t have the selected communication method verified yet, they are asked to verify it later with a code. They can select to send themselves a message containing a verification link. They can also optionally skip the verification. In either case, the user can continue authentication before they have verified their communication method.
Because the link the User receives is opened in another browser window or tab, it would be unreasonable to ask the User to return to the original browser tab afterwards. This is why choosing verification with a link means the user can sign in to your app before their address or number is verified. It is up to your app to detect the verification state and to act accordingly.
URL to direct user after link-based verification
If the verification by link is used, the User will be lead to a page containing a final “Continue” link. It will lead to the URL selected here. It should lead to your app. Your app should check the verification status or the User’s communication methods using the UserInfo endpoint when the User opens this URL.