Fantastic tutorial. Didn't mention things like User signup/login which is great considering most people who are looking for user email auth have that already completed. Concise, clear and very useful. Thanks Ben!

i really wish if the whole app had videos , thank you so much for your effort

Was just going to implement this into my own project & i was looking for ways how to do it. Nice share! Cloning it now to see how it all fits together. Cheerz!

Awesome video! I would like to throw out an opinion if that's alright. If you're still a small platform, it's probably better to allow your user some time on the platform without confirming their account + maybe 1 sign in without confirming. This is because going to one's email account is an additional step, which creates friction, and if they don't necessarily know what you're about (you're a small platform, after all) then that might be enough to make them forget about. So for most of us, after they attempt to register an email, I would create an account for them in the db with a confirmation field showing the number of successful sign-in's prior to confirmation, as well as how much time has passed since they created their account. If this time passes, use client side JS to log them out, and server side to keep them logged out until they confirm. The nice thing about this approach is that the user can start using your product quicker, and hopefully *want* to keep using it. At that point, verifying their account doesn't seem as arduous. Also, I recommend setting permissions on the various (paid) services on your platform to push them in that direction. For example, you can't complete any purchases until your account is verified, or something like that. If you really wanna push people a little more vigorously, I'd suggest having a fixed bar at the top that "moderately" breaks the theme of your site (indirectly make them wanna get rid of the eye sore) and use that as a reminder to get confirm their account. You may choose to display this indefinitely, or perhaps only until some eventual timeout. If I join a platform and spend 30 minutes doing stuff on it, I'm more likely to confirm my account. Obviously, platforms like Instagram have the luxury of forcing you to confirm or else lose your account. That might be the way to go if you're a bigger platform. Oh, and I guess one bonus tip is that if the user doesn't confirm their email within some time of signing out or failing to sign back in (they've used up their unconfirmed sign-in's), then consider them disinterested, and send them an email notifying them that they have x time to confirm their account, or it will be deleted. Don't be pushy about it. Your platform isn't for everyone, and that's okay. Those that wanna vibe in your corner of the internet will stick with you. Hope my suggestions help someone. I'm a founder working on JobParty, which is essentially "Twitch for jobs". With JobParty, you can livestream your skills, get rated, and get matched with amazing, highly relevant, opportunities". I hope to share my experience building a shiny, useful thing for cool people that are tired of throwing resumes into the digital void. I've applied to 100's of companies online and can confirm that looking for a job is, in fact, a job. Now you can stream your skills and demonstrate your ability, and go straight to the interview stage. No more applications! You can check out my project at jobParty.co, or not. No pressure. That said, feedback would be awesome! The MVP launches in the about 50 days!

I'd love to see an updated version

Awesome vid! My only question is why put the confirmation endpoint outside of the graphql layer? Is there a benefit/is it hard to hit a graphql endpoint from an tag?

Awesome, yeah I was wondering a little about JWT, but was thinking UUID was simpler. But I've now changed my mind. Thank you!

I see you are storing data in database until user confirms the email address. Let's say I'm a malicious user and I just register thousands of emails without confirmation. In that case you are storing unnecessary data in your db. Is there any other best place to store data until email confirmation?

Thanks Mr. B.. this really helped. keep up the good work

Hey Ben, wouldn't this cause an issue if you allow users to change their email? For example, if a user set their email and the confirmation is sent, but they then changed their email and then clicked the confirmation link from when they first set their email. This would set the confirmed property to true for whatever email address they changed it to without needing a confirmation. You could put the email in the jwt, and then check that it matches the users email on confimation, but this would expose the user's email in the url since jwts are readable. The only solution I can think of is to set a property on the user of when they last changed their email. So, if the time of email change is after the token iat (the time the token was issued at) then you would decline the confirmation.

Thanks for your help! Works excellent :D

Thank you for this tutorial, your both methods work perfectly. However only the asynchronous method (with try catch) work in production (tested in Vercel)

pretty good but i dont understand why it doesnt work for me. JWT signed tokens have dots seperating 3 sections of the token, when i click the link that i send with email , it tells me page doesnt exist, but when i remove the dots , it gets me to my localhost page

Nice feature Ben!

Thank you so much, that worked very well for me

thank you, the example is really good !

Thank you so much for this tutorial

I was looking for that👍👍👍

Thank you so much for this!

If you're not awaiting, then it's happening synchronously not ASYNCHronously... right?

Bro Best Best Best Video , for email verification

Thanks man!.. A big help

Hello, thanks for the effort man ,but im just begining and developping an app and i have a question. What is the resolver.js i dd understood. I have like my modals, my routes, my controllers and my reducers! tell where should i put the nodemailer setup to send the email ?

Hi Ben. Thank you so much for your tutorials. Can you please show what can we do for auth and authorization in react native apps that also use graphql and express on the backend? Should we use firebase or better to stay away from it?

Nice video. So useful :)

Hello Ben, I just wanted to know what would happen if the token expires and there is no confirmation. By the time they register their account again, the account would already be registered from previous try. thanks

So if we tie this to frontend, we would have to just send a GET request to that route? Bad idea to send client directly to backend endpoint?

Can we use a similar strategy for Forgot password link?

Hi I am trying to learn this, so far I can create, modify users and delete them. I need to verify them. I have a client and a server side set up, all these has to be done on the server side correct? Do you also have a tutorial that will catch the error on the server side and send it to the client side? Thanks.

you should implement for the new participants Thanks

Hi Ben, what process do you recommend for recovering password? I'm thinking of sending a token that's saved in the database, send email with a link having the token in it. Validate it in the graphql backend boilerplate and check the token with the one in the database, if they match then I'll redirect the user to the front-end plus a variable in the URL. If this variable corresponds with a frontend variable then we can redirect it to a page that asks for a new password and a confirm password. If they match then update password in the database and redirect to the members area. What do you think of this approach?

man, thanks for sharing this :)

How did you created email secret?

I appreciate the work, but would be more clear if the Github code provided was self contained and not part of the big app that it is. Hard to know what to extract from these giant blocks.

2:29 I got an error: Cannot fimd name 'DataTypes'. ts(2304)

How to debug this code?

is there no easy way for this? im beginner and this is very frustating to understand. Too many unfamiliar code :((

What is "jwt"?

thank you

Nice video. I ran it and there was a period in my hash. Is this ok for URLs or how do we prevent that?

Hi Ben, thank you for the video. I am testing it in my website. Everything works, I am sending the token on the email, I receive the email in the gmail account, when I click on the token link, it redirects me to the confirmation page, but user.confirmed is not being changed. I noticed you put the GET request for the '/confirmation/:emailtoken' in the index file. In my case I have all my routers in a separate folder. I am wondering how the web page(http:localhost:3000/confirmation/:emailtoken) calls/connects to the get request when I click on it. Because the connection is not happening in the backend, therefore, user.confirmed is not being updated

Yo, Ben! Attempting to add Nodemailer to my app for validating a registration. I wanted to make use of this app.get("/confirmation/:token ... code in my index,js. I'm close. The email gets sent out fine, but when I click on the URL link, I'm getting an error on the server. Never gets the chance to redirect to the login page. "Unhandled promise rejection (rejection id: 1): Error: Can't set headers after they are sent." I've Googled this, and it seems I've sent the headers twice. The beginnings of my app are somewhat based off your Slack Clone, so the client and server are very similar when it come to the register and login pieces. Any thoughts on where I should be looking?

Do you have an updated project? Packages are out of date and it won't npm install properly. Thank you for the video!

Mega nocie

I do neen some help with money ,to able to live life so peacefully and harmony in place

where did you generate EMAIL_SECRET ?

I love u

great

why i can't run your project :(

6:00

❤

Hi Ben, what will be the server path if im on Heroku my front end is react example this is the url/path that I've set in my server.js example.herokuapp.com/confirmation/${emailToken} and this url that I have redirect it with example.herokuapp.com but it doesnt redirect to the said path it just stays in the server path that I've set. This is working on my local machine the path is localhost:5000 on my server and localhost 3000 in my react app

Sur bedan

and please code if from beginning, it is very hard to understand likethis

are you even sending a mail ?, i am very confused because of this 10 minute mail..., can you please show us with real email id