Password authentication is missing email_verification_id in unverified email exception

[chan-vince]

The AuthorizationException exception raised when trying to sign in with an unverified email is missing key information to be able to do custom verification of the user.

1. Ensure password authentication is enabled.
2. Invite a new user so they are in an organization, but do not have a verified email address yet.
3. Call the authenticate_with_password() API. It will return an AuthorizationException and I was expecting to be able to get the email_verification_id from it, in order to use get_email_verification() to retrieve the code and do our own custom emails. However email_verification_id is missing from the exception.

When doing the equivalent of authenticate_with_password() with the REST API via curl, it does actually return email_verification_id:

➜ curl --request POST \
  --url https://api.workos.com/user_management/authenticate \
  --header "Content-Type: application/json" \
  -d @- <<BODY
  {
    "client_id": "client_123456789",
    "client_secret": "sk_test_somelongchars",
    "grant_type": "password",
    "email": "[email protected]",
    "password": "mypassword"
}
BODY
{"code":"email_verification_required","message":"Email ownership must be verified before authentication.","email":"[email protected]","pending_authentication_token":"GODRifg8dOiqJzuNrxp7y0nLP","email_verification_id":"email_verification_01J45GMD0K8XJE48Z3QNKBRWTB"}

Am I mistaken for expecting the python sdk to match the curl response, or am I missing something?

[chan-vince]

I can get around this issue by reading the response text directly through the exception:

json.loads(exc.response.text)["email_verification_id"]

but I was expecting to be able to just do exc.email_verification_id just like I can do exc.pending_authentication_token for example.

[PaulAsjes]

Sorry for the delay here, we've confirmed the problem and are working on a fix!