fix(auth): require email verification for OAuth #1518

steebchen · 2026-01-27T18:19:07Z

Summary

Don't trust OAuth provider's email verification status
For OAuth signups (GitHub, etc.), explicitly set emailVerified to false
Send verification email using existing email flow (Better Auth's sendVerificationEmail API)

Test plan

Sign up with GitHub OAuth in hosted mode
Verify emailVerified is set to false in database
Verify verification email is sent
Click verification link and confirm emailVerified becomes true

🤖 Generated with Claude Code

Don't trust OAuth provider's email verification status. For OAuth signups, explicitly set emailVerified to false and send verification email using existing email flow. Co-Authored-By: Claude Opus 4.5 <[email protected]>

fix(auth): require email verification for OAuth

7ef671c

Don't trust OAuth provider's email verification status. For OAuth signups, explicitly set emailVerified to false and send verification email using existing email flow. Co-Authored-By: Claude Opus 4.5 <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(auth): require email verification for OAuth #1518

fix(auth): require email verification for OAuth #1518

Uh oh!

steebchen commented Jan 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

fix(auth): require email verification for OAuth #1518

Are you sure you want to change the base?

fix(auth): require email verification for OAuth #1518

Uh oh!

Conversation

steebchen commented Jan 27, 2026

Summary

Test plan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants