diff --git a/lib/index.js b/lib/index.js
index d2c2a34..210ef62 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -83,10 +83,12 @@ PocketId.express = function (opts) {
         }
         req.user.iss = scheme + "//" + iss.replace(/https?:\/\//, "");
 
-        await addEmail(req).catch(function (err) {
+        var emailInfo = await addEmail(req).catch(function (err) {
             // what to do with this error?
             console.warn("[pocketid.express.request-email] Error:", err);
         });
+        Object.assign(req.user, emailInfo || {});
+        console.log("authz-user:", req.user);
         next();
     }
 
@@ -96,8 +98,7 @@ PocketId.express = function (opts) {
 async function addEmail(req) {
     if (submails[req.user.sid]) {
         // TODO keep email cached longer than token expiration?
-        Object.assign(req.user, submails[req.user.sid]);
-        return;
+        return submails[req.user.sid];
     }
 
     var resp = await Request({
@@ -114,9 +115,14 @@ async function addEmail(req) {
             verifiedAt: result.verified_at,
             createdAt: new Date().toISOString(),
         };
+        return submails[req.user.sid];
     }
-    Object.assign(req.user, submails[req.user.jit] || {});
-    console.log("authz-user:", req.user);
+    if (result.unverified_email) {
+        return {
+            unverifiedEmail: result.unverified_email,
+        };
+    }
+    return null;
 }
 
 PocketId.refreshToken = function (opts) {