diff --git a/src/Api/Controllers/AccountsController.cs b/src/Api/Controllers/AccountsController.cs
index 1f7f77268..3bb25781f 100644
--- a/src/Api/Controllers/AccountsController.cs
+++ b/src/Api/Controllers/AccountsController.cs
@@ -103,7 +103,7 @@ namespace Bit.Api.Controllers
             await Task.Delay(2000);
             throw new BadRequestException(ModelState);
         }
-        
+
         [HttpPost("verify-email")]
         public async Task PostVerifyEmail()
         {
@@ -118,14 +118,26 @@ namespace Bit.Api.Controllers
 
         [HttpPost("verify-email-token")]
         [AllowAnonymous]
-        public async Task PostVerifyEmailToken()
+        public async Task PostVerifyEmailToken([FromBody]VerifyEmailRequestModel model)
         {
-            var user = await _userService.GetUserByIdAsync(new Guid());
+            var user = await _userService.GetUserByIdAsync(new Guid(model.UserId));
             if(user == null)
             {
                 throw new UnauthorizedAccessException();
             }
-            await _userService.ConfirmEmailAsync(user, "");
+            var result = await _userService.ConfirmEmailAsync(user, model.Token);
+            if(result.Succeeded)
+            {
+                return;
+            }
+
+            foreach(var error in result.Errors)
+            {
+                ModelState.AddModelError(string.Empty, error.Description);
+            }
+
+            await Task.Delay(2000);
+            throw new BadRequestException(ModelState);
         }
 
         [HttpPut("password")]
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index d68fa9576..2c80a0a60 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -205,7 +205,7 @@ namespace Bit.Api
             else
             {
                 //return $"http://localhost:{port}";
-                return $"http://192.168.1.6:{port}"; // Desktop external
+                return $"http://192.168.1.4:{port}"; // Desktop external
             }
         }
     }
diff --git a/src/Core/Identity/UserStore.cs b/src/Core/Identity/UserStore.cs
index 7a53ef923..7278028d4 100644
--- a/src/Core/Identity/UserStore.cs
+++ b/src/Core/Identity/UserStore.cs
@@ -80,7 +80,7 @@ namespace Bit.Core.Identity
 
         public Task<bool> GetEmailConfirmedAsync(User user, CancellationToken cancellationToken = default(CancellationToken))
         {
-            return Task.FromResult(true); // all emails are confirmed
+            return Task.FromResult(user.EmailVerified);
         }
 
         public Task<string> GetNormalizedEmailAsync(User user, CancellationToken cancellationToken = default(CancellationToken))
@@ -121,7 +121,7 @@ namespace Bit.Core.Identity
 
         public Task SetEmailConfirmedAsync(User user, bool confirmed, CancellationToken cancellationToken = default(CancellationToken))
         {
-            // do nothing
+            user.EmailVerified = confirmed;
             return Task.FromResult(0);
         }
 
diff --git a/src/Core/Models/Api/Request/Accounts/VerifyEmailRequestModel.cs b/src/Core/Models/Api/Request/Accounts/VerifyEmailRequestModel.cs
new file mode 100644
index 000000000..e6c6fce80
--- /dev/null
+++ b/src/Core/Models/Api/Request/Accounts/VerifyEmailRequestModel.cs
@@ -0,0 +1,12 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Core.Models.Api
+{
+    public class VerifyEmailRequestModel
+    {
+        [Required]
+        public string UserId { get; set; }
+        [Required]
+        public string Token { get; set; }
+    }
+}
diff --git a/src/Core/Services/Implementations/RazorViewMailService.cs b/src/Core/Services/Implementations/RazorViewMailService.cs
index 7da465c07..6231d7918 100644
--- a/src/Core/Services/Implementations/RazorViewMailService.cs
+++ b/src/Core/Services/Implementations/RazorViewMailService.cs
@@ -35,7 +35,7 @@ namespace Bit.Core.Services
             var message = CreateDefaultMessage("Verify Your Email", email);
             var model = new VerifyEmailModel
             {
-                Token = token,
+                Token = WebUtility.UrlEncode(token),
                 UserId = userId,
                 WebVaultUrl = _globalSettings.BaseVaultUri,
                 SiteName = _globalSettings.SiteName
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index 5b6fc9527..92c871dbb 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@@ -294,7 +294,7 @@ namespace Bit.Core.Services
         {
             if(user.EmailVerified)
             {
-                throw new BadRequestException("Email already verifed.");
+                throw new BadRequestException("Email already verified.");
             }
 
             var token = await base.GenerateEmailConfirmationTokenAsync(user);
diff --git a/src/Core/Utilities/ServiceCollectionExtensions.cs b/src/Core/Utilities/ServiceCollectionExtensions.cs
index a063428a0..8e546a96a 100644
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@@ -103,6 +103,7 @@ namespace Bit.Core.Utilities
             identityBuilder
                 .AddUserStore<UserStore>()
                 .AddRoleStore<RoleStore>()
+                .AddTokenProvider<DataProtectorTokenProvider<User>>(TokenOptions.DefaultProvider)
                 .AddTokenProvider<AuthenticatorTokenProvider>(TwoFactorProviderType.Authenticator.ToString())
                 .AddTokenProvider<YubicoOtpTokenProvider>(TwoFactorProviderType.YubiKey.ToString())
                 .AddTokenProvider<DuoWebTokenProvider>(TwoFactorProviderType.Duo.ToString())