Email address management

Once signed up, users are able to modify their email address. During the email sign up workflow, the user must supply a valid and unique email address. Outside of LITE users, or accounts which use SMS as a primary identifier, emails are the primary unique identifier.

Multiple emails

Users can authenticate with their primary email address or any email associated with a social provider, providing the email addresses are different.

If an email is linked to a user profile by a social provider, another profile cannot be created with the same social provider email.

  • Scenario 1

  • Scenario 2

Logging in with different emails

Alice signs up with her primary email address:

alice@example.com

Later, she logs in using Google, which provides a different email:

alice.work@gmail.com

Since these email addresses are different, both are linked to Alice’s profile. She can authenticate with either email without issue.

Two users trying to use the same social email

Jack creates an account with his primary email:

jack@example.com

Later, he logs in using Facebook, which provides a different email:

jack.fb@gmail.com

At this point, jack.fb@gmail.com is tied to Jack’s profile.

If another user, Patrice, tries to create an account using Facebook and is assigned the same email (jack.fb@gmail.com), the system prevents her from doing so because that email is already linked to Jack’s profile.

Changing email address (when logged in)

Users can modify the email address used as their primary user identifier through the update email flow as well as through the Update email address endpoint. If the email they input is valid, users are sent an email to go through the update email flow. The email contains a link and a code that guides the user back to a page where the ReachFive SDK is installed. The code contained in the link is automatically verified by the SDK.

Unverified emails

If the email being updated is unverified, the user’s email is updated immediately.

Verified emails

If the email being updated is verified, the user must click on the verification link sent in the email to finish the update email flow. Users won’t be able to use the new email for authentication until it is verified.

If the code is erroneous, the page will contain an error that is explained by the following message: "invalid verification code".

As a security precaution, we recommend that your users log in again before accessing the update email flow.

Validation

When the user inputs their new email address, we check that:

  • The input matches a valid email format. Example: name@email.com.

    If the format is invalid, the user receives an HTTP 400 "Valid email required" error response.

  • The email address does not already exist in the ReachFive account.

    If the email already exists, the user receives an HTTP 400 "Email already in use" error response.