00:00 Right now, when the user wants to sign up, they can go to marty.example.com, and it will send them right over to onboarding. But they haven't actually verified their e-mail at this point. So we don't want to put the verified e-mail in the verification storage until it's actually been verified. So we've actually created a slash verify route that we're going to be using.

00:19 So if we go to verify, then we've got this route already set up for you by Kelly, the co-worker. Thank you, Kelly. Your job is to make it so that we redirect here instead, but also that we send the user an e-mail that includes the verification code. In addition, this verify URL should have

00:39 a couple of properties in the search params, and those will be used to fill in some values here like our target and a redirect to, and there's our CSRF in there as well. So the important thing here is that we need to

00:58 pre-fill a couple of the values in here using search params. You're going to actually be making two different URLs. You have the URL that you redirect the user to once they've set things in, so that it pre-fills the target and the type. Then you'll have an additional URL that's similar to that,

01:17 but also adds a pre-filled code, and then that code can be used to pre-fill this code value and actually verify the user. So you're going to generate a one-time password and all the verification information there. You're going to create a verification in the database, so that that is saved on our end,

01:35 including the secret and all the other information or configuration for verification. Then you're going to create two URLs, one that is where we send the user to, and then another that we send it to the user that includes the code in the search params. That is what we're doing in this step of the exercise.

01:54 In the next step, we're going to actually work on the verification page or this verify page to actually verify the user. So have a good time with this one.