OAuth Login Does Not Automatically Send Verification Email
If you have enabled OAuth login for social sign on (I've only tried Google), and you also have email verification enabled, the user does not automatically get sent an email when they reach the verification screen. They can click the link and the email will be sent but it is not automatically sent upon loading the page.
Hey!
You're right, by default, the verification email isn't sent automatically when using OAuth login with email verification enabled. However, in most setups, social logins like Google already verify the user's email, so it's common to mark the email as verified during account creation (e.g., using email_verified_at):
private function createUser($socialiteUser)
{
return app(config('auth.providers.users.model'))->create([
'name' => $socialiteUser->getName(),
'email' => $socialiteUser->getEmail(),
'email_verified_at' => now(),
]);
}
If you're only using social login, you may not need to require email verification at all, since the OAuth provider has already handled that.
That makes sense to not require email verificationn with SSO. However, when I create a new account using Google OAuth, the email_verified_at field remains blank even though my code looks like what you posted above and it's still trying to make me verify. Why is that happening?
Yes, indeed, this is not possible with the current version. But definitely a good idea for a new feature!
I will take a look and try to submit a PR. Do you think that it is ok to:
- Redirect to the /verify page for users who sing up with email
- Skip that redirection for social logins
Or do you envision another workflow?