
[Enhancement] Simplify Custom Email Verification Process

Open Phenek opened this issue 1 year ago • 0 comments


Description

The current process for custom email verification during sign-up or password reset user journeys requires a REST API endpoint for sending and verifying the email address. This process includes:

  • REST API to send the email verification with the TOTP code
  • REST API to verify the email address with the TOTP code
  • HTML page with JavaScript code that calls the REST API endpoint to send and verify the email address
  • Custom policy that includes a claim type that collects the TOTP code from the user, and a validation technical profile that calls the verify endpoint.

This process seems overly complex and prone to email flooding vulnerabilities due to the use of a client-side JavaScript POST request to send emails.

Proposal

Instead of going through this complex procedure, shouldn't it be as simple as changing the HTML template on the Azure portal side of the User Flows pages? This would potentially make the process more secure and user-friendly.

Benefits

Making this change would not only simplify the verification process but also enhance the overall user experience and the platform's security. This could reduce the potential for email flooding vulnerabilities and make it easier for administrators to manage and update email verification settings.

Looking forward to your feedback on this proposal.

Phenek · Jul 13 '23 10:07
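The issue above describes a send endpoint and a verify endpoint and worries that a client-side POST to the send endpoint invites email flooding. The following is an added example, not code from this issue or from the samples repository, showing what the server side of that pair looks like when it owns the throttling and the code lifecycle: a sliding-window send budget per address and per calling client, single-use codes with an expiry, a bounded number of verify attempts, and a constant-time comparison. The class name, the constants, the `send_email` callback and the in-memory state are all assumptions made for this example; a real deployment would keep that state in a shared store.

```python
import hmac
import secrets
import time

# Policy constants: constructed for this example, not values from any sample.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 10 * 60        # a code is valid for ten minutes
MAX_VERIFY_ATTEMPTS = 5           # wrong guesses allowed before the code is burned
SEND_WINDOW_SECONDS = 60 * 60     # sliding window used for send throttling
MAX_SENDS_PER_EMAIL = 3           # sends per address per window
MAX_SENDS_PER_CLIENT = 10         # sends per calling client (e.g. source IP) per window


class EmailVerificationService:
    """Server-side owner of the send/verify pair (hypothetical, in-memory)."""

    def __init__(self, send_email, clock=time.time):
        self._send_email = send_email      # callable(email, code) that delivers the mail
        self._clock = clock                # injectable so tests can move time forward
        self._pending = {}                 # email -> {"code", "expires_at", "attempts"}
        self._sends = {}                   # throttle key -> timestamps of recent sends

    def _within_budget(self, key, limit):
        """Drop timestamps older than the window and check the remaining count."""
        now = self._clock()
        recent = [t for t in self._sends.get(key, []) if now - t < SEND_WINDOW_SECONDS]
        self._sends[key] = recent
        return len(recent) < limit

    def send_code(self, email, client_id):
        """Generate and deliver a code, or refuse when either send budget is exhausted.

        The HTTP layer should map both outcomes to the same generic response so a
        caller cannot use the reply to probe the throttle or enumerate addresses.
        """
        email = email.strip().lower()
        if not (self._within_budget(("email", email), MAX_SENDS_PER_EMAIL)
                and self._within_budget(("client", client_id), MAX_SENDS_PER_CLIENT)):
            return {"status": "throttled"}
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        now = self._clock()
        # Issuing a new code replaces any earlier one for the same address.
        self._pending[email] = {"code": code, "expires_at": now + CODE_TTL_SECONDS, "attempts": 0}
        self._sends.setdefault(("email", email), []).append(now)
        self._sends.setdefault(("client", client_id), []).append(now)
        self._send_email(email, code)
        return {"status": "sent"}

    def verify_code(self, email, code):
        """Check a submitted code; the code is single-use and attempt-limited."""
        email = email.strip().lower()
        entry = self._pending.get(email)
        if entry is None:
            return {"status": "invalid"}
        if self._clock() > entry["expires_at"]:
            del self._pending[email]
            return {"status": "expired"}
        entry["attempts"] += 1
        if entry["attempts"] > MAX_VERIFY_ATTEMPTS:
            del self._pending[email]        # burn the code rather than allow brute force
            return {"status": "locked"}
        if hmac.compare_digest(entry["code"], str(code)):
            del self._pending[email]        # success consumes the code
            return {"status": "verified"}
        return {"status": "invalid"}


if __name__ == "__main__":
    # Constructed demo: the "mail sender" just records what it was asked to deliver.
    outbox = []
    svc = EmailVerificationService(send_email=lambda e, c: outbox.append((e, c)))
    for _ in range(MAX_SENDS_PER_EMAIL + 1):
        print(svc.send_code("alice@example.com", "203.0.113.5"))
    addr, code = outbox[-1]
    print(svc.verify_code(addr, code))
```

The budget check runs before any code is generated or mail is queued, so a flood of POSTs against the send endpoint costs the server a dictionary lookup rather than an outbound message. Pairing the per-address limit with a per-client limit covers both a single victim being spammed and one caller spraying many addresses.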