That makes sense. Our WordPress plugin handles email verification in the same way.
If you want to see how the
require_activation value is used by Discourse, have a look at this file: discourse/discourse_single_sign_on.rb at master · discourse/discourse · GitHub. You’ll see that when
require_activation is set to
"false" when a user is first created via SSO, an active user will be created by Discourse. If it is set to
"true", the user will not be activated until they click the link in the Discourse activation email.
Once a user is set to
active on Discourse, the only thing that should cause a user to need to be reactivated is if you have enabled the
sso_overrides_email site setting and the user updates their email address on your SSO provider site.
When set to
require_activation also prevents Discourse from matching existing users to users from your external site based on their email address. This can cause issues when SSO is implemented after users have already been created on the site with username/password account creation.