i have a basic node.js / Express server using express-stormpath for user authentication. everything works beautifully without email verification. obviously, email verification is desirable for many reasons, but my email-verified users are unable to use the standard login flow for restricted routes.
specific example on a custom route i have:
app.get('/myaccount', stormpath.loginRequired, function(req,
res.send('Your email address is: ' + req.user.email);});
this route works perfectly for users that registered before email verification.
however, it's broken for users that signed up after email verification. these users received an email, clicked the link, got the confirmation screen ("You account was successfully verified and is ready for use"), and are marked as 'Enabled' in my Stormpath dashboard.
specifically, if they enter the correct password, they are sent to http://glacial-hollows-8156.herokuapp.com/login?next=%2Fmyaccount again, which presents the login screen once more, ad infinitum. if they enter an incorrect password, they get the standard error telling them so
any ideas? perhaps email-verified accounts are not being initialized correctly? the behavior is also the same for Stormpath-provided routes like '/me', so i don't think its my route. as i turn email verification on and off, /myaccount keeps working for non email-verified users, and always breaks in this manner for the email-verified users
this was a config issue with 'Link Base URL' on the stormpath dashboard
it had defaulted to 'https://api.stormpath.com/emailVerificationTokens', which verifies users - although they can't actually log in
instead, change 'Link Base URL' to http://localhost:3000/verify
note that this link is totally out of date, despite being only 3 months old... https://stormpath.com/blog/how-to-add-billing-to-your-api/ do not bother trying to use /verified