diff --git a/auth/email.py b/auth/email.py
index b282d78b..17f4b7f7 100644
--- a/auth/email.py
+++ b/auth/email.py
@@ -1,10 +1,10 @@
 import requests
-from starlette.responses import PlainTextResponse
+from starlette.responses import RedirectResponse
 from starlette.exceptions import HTTPException
 from auth.authenticate import EmailAuthenticate, ResetPassword
-from settings import BACKEND_URL, MAILGUN_API_KEY, MAILGUN_DOMAIN, RESET_PWD_URL
+from settings import BACKEND_URL, MAILGUN_API_KEY, MAILGUN_DOMAIN, RESET_PWD_URL, CONFIRM_EMAIL_URL
 MAILGUN_API_URL = "https://api.mailgun.net/v3/%s/messages" % (MAILGUN_DOMAIN)
 MAILGUN_FROM = "postmaster " % (MAILGUN_DOMAIN)
@@ -28,7 +28,7 @@ async def send_reset_password_email(user):
 async def send_email(user, url, text, token):
 to = "%s <%s>" % (user.username, user.email)
- url_with_token = "%s/%s" % (url, token)
+ url_with_token = "%s?token=%s" % (url, token)
 text = text % (url_with_token)
 response = requests.post(
 MAILGUN_API_URL,
@@ -46,5 +46,14 @@ async def email_authorize(request):
 token = request.query_params.get('token')
 if not token:
 raise HTTPException(500, "invalid url")
+
 auth_token, user = await EmailAuthenticate.authenticate(token)
- return PlainTextResponse(auth_token)
+
+ if not user.emailConfirmed:
+ with local_session() as session:
+ user.emailConfirmed = True
+ session.commit()
+
+ response = RedirectResponse(url = CONFIRM_EMAIL_URL)
+ response.set_cookie("token", auth_token)
+ return response
diff --git a/resolvers/auth.py b/resolvers/auth.py
index 456fb3c3..3af63e79 100644
--- a/resolvers/auth.py
+++ b/resolvers/auth.py
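Review bot: The token is placed into the query string unencoded in `url_with_token = "%s?token=%s" % (url, token)`; quoting it, `url_with_token = "%s?token=%s" % (url, quote(token, safe=""))` with `from urllib.parse import quote`, keeps the link intact whatever characters the token contains. Because the token now travels as a query parameter it will be recorded in access logs and browser history, so it is worth confirming that it is short-lived and single-use; how it is issued is not visible here. The body of send_email continues outside the hunk.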
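Review bot: `response.set_cookie("token", auth_token)` in email_authorize stores the auth token in a cookie with neither `httponly` nor `secure`, so any script on the page can read it and it may be sent over plain HTTP; unless the frontend has to read it from JavaScript, use `response.set_cookie("token", auth_token, httponly=True, secure=True, samesite="lax")`. The cookie is scoped to the backend host, so if `CONFIRM_EMAIL_URL` is on a different domain the page receiving the redirect will not see it, which is worth confirming. Separately, `local_session` is not among the imports visible in the first hunk of this file, and `user` appears to come from `EmailAuthenticate.authenticate` rather than from the session opened here, so `session.commit()` may not persist `emailConfirmed`; loading the user inside the `with` block before setting the flag would make the write explicit.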
@@ -46,14 +46,9 @@ async def register(*_, email: str, password: str = ""):
 session.add(user)
 session.commit()
- await UserStorage.add_user(user)
+ await send_confirm_email(user)
- if not password:
- await send_confirm_email(user)
- return { "user": user }
-
- token = await Authorize.authorize(user)
- return {"user": user, "token": token }
+ return { "user": user }
 @mutation.field("requestPasswordUpdate")
 async def request_password_update(_, info, email):
@@ -95,6 +90,9 @@ async def login(_, info: GraphQLResolveInfo, email: str, password: str = ""):
 await send_auth_email(orm_user)
 return {}
+ if not orm_user.emailConfirmed:
+ return {"error" : "email not confirmed"}
+
 try:
 device = info.context["request"].headers['device']
 except KeyError:
diff --git a/settings.py b/settings.py
index 3998a99f..885fab7f 100644
--- a/settings.py
+++ b/settings.py
@@ -7,6 +7,7 @@ INBOX_SERVICE_PORT = 8081
 BACKEND_URL = environ.get("BACKEND_URL") or "https://localhost:8080"
 OAUTH_CALLBACK_URL = environ.get("OAUTH_CALLBACK_URL") or "https://localhost:8080"
 RESET_PWD_URL = environ.get("RESET_PWD_URL") or "https://localhost:8080/reset_pwd"
+CONFIRM_EMAIL_URL = environ.get("CONFIRM_EMAIL_URL") or "https://new.discours.io"
 DB_URL = environ.get("DATABASE_URL") or environ.get("DB_URL") or "sqlite:///db.sqlite3"
 JWT_ALGORITHM = "HS256"
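Review bot: `await UserStorage.add_user(user)` is dropped from register and nothing visible in this commit adds the user to `UserStorage` later (the email_authorize change in auth/email.py only sets `emailConfirmed`), so if that storage backs authenticated lookups a newly confirmed user may be missing from it; this should be confirmed against the rest of the code. `send_confirm_email(user)` now runs after `session.commit()` with no error handling, so a mail failure leaves a committed, unconfirmed account while the caller gets an error; catching the failure and offering a resend path would avoid a stuck registration. The start of register is outside the hunk.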
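Review bot: The `emailConfirmed` check in login appears to run before the password is verified, which tells anyone who knows an address that an account exists and is unconfirmed. This is inferred from the order of the lines, since the verification is outside the hunk and indentation is lost on this page. Moving `if not orm_user.emailConfirmed: return {"error" : "email not confirmed"}` to after the credential check gives the same result for valid logins without disclosing account state. Accounts created before this change will presumably have `emailConfirmed` unset and be refused password login until they follow an email link, so a backfill or migration should accompany it.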
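Review bot: The fallback for `CONFIRM_EMAIL_URL` is a production hostname while the neighbouring settings fall back to `https://localhost:8080`, so an instance started without the variable would redirect freshly authenticated users to the live site. A local default such as `CONFIRM_EMAIL_URL = environ.get("CONFIRM_EMAIL_URL") or "https://localhost:8080/confirm_email"` (the path is a placeholder) keeps it consistent with the others.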