sajad torkamani

Email verification flow

22 May 2025 (Updated 24 October 2025)
On this page
Create database table to track verification requests
Handle successful verification
Handle visiting invalid / expired link

Create database table to track verification requests

Create a email_verification_requests table:

  • Columns
    • id: PK
    • userId: FK
    • token: string
    • createdAt: datetime
    • lastSentAt: datetime
  • Indexes
    • userIdIUnique: UNIQUE
    • token: UNIQUE

Create a sendEmailVerificationLink() function that sends an email with an email verification link. Call this method when the user first registers to send them the link and also when a user manually requests the email verification link to be resent.

Handle successful verification

When a user visits a verification link like http://localhost:3000/auth/verify-email/<token>, check if the <token> is valid (there’s a record in the email_verification_request table with that token.

If so, set a user.emailVerifiedAt column to the verification date and delete the email_verification_request record.

Handle visiting invalid / expired link

Be sure to handle the scenario where a user visits an invalid or expired link.

Tagged: Web dev recipes