Pow API email confirmation flow

Hi all,

I’m currently building a Phoenix API that uses Pow for authentication. I’ve enjoyed working with Pow so far, but I’m at the point where I need to create an email confirmation flow and I’ve found this document that provides useful information on how to do it. However, the document also points out the following problems:

  • There is currently no “change email” flow
  • There is no login denial for unconfirmed emails
  • There is no way to resend a confirmation email

Before I dive into it, I wanted to check if anyone has managed to overcome these 3 problems and if so, then I’d appreciate any tips or resources. I think the 2nd one should be pretty straightforward, I could just update the session creation call to check for the confirmation status. As for the other two, I think they are connected, because if a user changes their email, then you’d need to (1) reset their confirmation token and confirmation status, (2) then send the new token to their new address.

Any suggestions would be highly appreciated :slight_smile:

Many thanks

1 Like

For re sending confirmation emails you can use the controller from Resend email confirmation link | Pow.

As you said, login denial (better option would be denying authorization, that way users who have not confirmed email can still log in and request re sending of confirmation email)should be easy to implement with a custom plug on routes you want blocked to unconfirmed users.

As for changing email you will have to follow Pow.Phoenix.RegistrationController.update/2 as it triggers the confirmation email if it is updated.

1 Like

Excellent, thank you!