I'm building an API and a mobile app in Xamarin. I don't want to confirm the phone number, as I'd have to use Twilio or another SMS provider; instead, I want to confirm an email. At the same time, I don't want to create an email token to be sent to the user with a link to click, as the API is not MVC and won't have any views.
Instead, I want a 6-digit code to be emailed to the user, and then I will create an endpoint in the API where the user will submit that code via the mobile app to confirm the email. For example:
var code = await _userManager.GenerateChangePhoneNumberTokenAsync(newUser, newUser.Email);
This creates the code; notice I am passing the user's email rather than the phone number. This code is now emailed to the user, and the user enters it in the mobile app. Then:
var confirmed = await _userManager.VerifyChangePhoneNumberTokenAsync(newUser, code, newUser.Email);
This confirms that the code is correct. The boolean resulting from this I will then use to manually set EmailConfirmed in the DB to true.
It works. Is it acceptable though? Is there any reason why I shouldn't be doing this?
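The confirmation endpoint described in the question, as an added example that is not part of the original post: it verifies the emailed code with the same `UserManager` call and counts failed attempts, since a 6-digit code has only 1,000,000 possible values. The route, the `ConfirmEmailRequest` type, the use of `IdentityUser`, and the reuse of Identity's lockout counter for code guesses are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical request body posted by the mobile app.
public record ConfirmEmailRequest(string Email, string Code);

[ApiController]
[Route("api/account")] // hypothetical route
public class EmailConfirmationController : ControllerBase
{
    private readonly UserManager<IdentityUser> _userManager;

    public EmailConfirmationController(UserManager<IdentityUser> userManager)
        => _userManager = userManager;

    [HttpPost("confirm-email")]
    public async Task<IActionResult> ConfirmEmail(ConfirmEmailRequest request)
    {
        var user = await _userManager.FindByEmailAsync(request.Email);

        // Same response for unknown, already-confirmed and locked-out accounts,
        // so the endpoint does not reveal which addresses are registered.
        if (user is null || user.EmailConfirmed || await _userManager.IsLockedOutAsync(user))
            return BadRequest("Invalid or expired code.");

        // Verify with the same value (the email) that was passed when generating.
        var valid = await _userManager.VerifyChangePhoneNumberTokenAsync(
            user, request.Code, user.Email);

        if (!valid)
        {
            // Count the failure so repeated guessing trips Identity's lockout
            // (only takes effect when LockoutEnabled is true for the user).
            await _userManager.AccessFailedAsync(user);
            return BadRequest("Invalid or expired code.");
        }

        user.EmailConfirmed = true;
        var result = await _userManager.UpdateAsync(user); // persists EmailConfirmed
        if (!result.Succeeded)
            return StatusCode(500);

        await _userManager.ResetAccessFailedCountAsync(user);
        return Ok();
    }
}
```

The lockout threshold and duration come from `IdentityOptions.Lockout` (`MaxFailedAccessAttempts`, `DefaultLockoutTimeSpan`), so the number of guesses allowed per account is set there.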