Clerk’s SSO uses the Open ID Connect protocol (OIDC), which provides an email_verified claim. Identity Providers are supposed to set this to true if they have verified the user’s email. Almost every SSO provider verifies emails, so if a user signs up with a social provider, a second email verification step is unnecessary.

It’s used during sign-in: as a workaround to forgotten password, or as an alternative to passwords altogether.

It’s used during sign-up: usually to prevent spam accounts, or as a requirement before enrolling a user on a mailing list.

Email verification is a foundational and reusable piece of modern authentication:

We could require email verification as soon as a user signs up, or perhaps when the user comes back for the second session. Shifting the onboarding friction from email verification to a later time can make the process much more natural for users. For example, a social media platform can minimize friction during the sign up process so that a user can immediately start to consume content. Later, when the user wants to post content, the platform can verify emails to minimize spam.