Error handling for inactive user use cases?

Hi all,

I am using Directus for user management on my app. I’m building a custom email verification flow. What I’m struggling with is dealing with cases where the user account is not active. Ideally I want to catch that and recommend the verification email be resent etc.

What’s the best way to manage this? Is there not a way to return a better error from /auth/login for inactive accounts? It seems that any account status returns a 401 Invalid Credentials. I assume this is intentional, and perhaps based on a security concern I can’t see, but I’m not sure how else to handle this.

My alternative thinking was to set up a static token and check the user against their email prior to login… how are some of you guys handling this scenario?

I think you can handle this with a custom endpoint.

After a failed login, hit the custom endpoint, passing the email, and query whether there is an account and whether it needs verification. The endpoint then might either return the status for user interaction or immediately trigger a resend.

Not sure, though, how exactly to handle the resend. According to this comment, re-registering the user should send another verification mail. Not sure if this is also true when registering through the API.
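
An added example, not part of the original thread and not Directus code: the core of the "immediately trigger a resend" variant of such an endpoint, written so the reply is identical for missing, active and unverified accounts, which keeps the property the generic 401 from /auth/login gives. The `"unverified"` status string, the cooldown value, and the `findUserByEmail` / `sendVerification` callbacks are assumptions to be wired to your own lookup and mailer.

```javascript
// Added example. Names, the "unverified" status string and the cooldown are assumptions.
const COOLDOWN_MS = 5 * 60 * 1000; // constructed value: one resend per address per 5 minutes
const GENERIC_REPLY = {
  message: "If this account needs verification, an email has been sent.",
};

// email -> timestamp of the last resend (in-memory; use shared storage across instances)
const lastSent = new Map();

// Accept only a plausible, bounded address; anything else is treated as "no account".
function normalizeEmail(raw) {
  if (typeof raw !== "string") return null;
  const email = raw.trim().toLowerCase();
  const plausible = /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
  return plausible && email.length <= 254 ? email : null;
}

// Resend only for an existing, unverified account that is outside the cooldown window.
function shouldResend(user, email, now) {
  if (!user || user.status !== "unverified") return false;
  const previous = lastSent.get(email);
  if (previous !== undefined && now - previous < COOLDOWN_MS) return false;
  lastSent.set(email, now);
  return true;
}

// findUserByEmail and sendVerification are hypothetical callbacks supplied by the
// caller. sendVerification should enqueue the mail rather than wait for delivery,
// so response time does not differ between the branches.
function handleResendRequest(rawEmail, findUserByEmail, sendVerification, now = Date.now()) {
  const email = normalizeEmail(rawEmail);
  if (email !== null && shouldResend(findUserByEmail(email), email, now)) {
    sendVerification(email);
  }
  // Same status and body for every outcome: the caller learns nothing about the account.
  return { status: 200, body: GENERIC_REPLY };
}
```

The front end can show the generic message after any failed login; only the mailbox owner learns whether the account was waiting for verification.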