diff --git a/edb/server/protocol/auth_ext/http.py b/edb/server/protocol/auth_ext/http.py
index cc5c9698de..b8ff892340 100644
--- a/edb/server/protocol/auth_ext/http.py
+++ b/edb/server/protocol/auth_ext/http.py
@@ -667,7 +667,7 @@ async def handle_resend_verification_email(
             )
         elif "email" in data:
             email = data["email"]
-            maybe_challenge = None
+            maybe_challenge = data.get("challenge", data.get("code_challenge"))
             maybe_redirect_to = data.get("redirect_to")
             if maybe_redirect_to and not self._is_url_allowed(
                 maybe_redirect_to
diff --git a/tests/test_http_ext_auth.py b/tests/test_http_ext_auth.py
index eacf71b21f..2949b0d2eb 100644
--- a/tests/test_http_ext_auth.py
+++ b/tests/test_http_ext_auth.py
@@ -2900,7 +2900,7 @@ async def test_http_auth_ext_local_password_authenticate_01(self):
                 auth_data_redirect_on_failure["redirect_on_failure"],
             )
 
-    async def test_http_auth_ext_resend_verification_email_with_token(self):
+    async def test_http_auth_ext_resend_verification_email(self):
         with self.http_con() as http_con:
             # Register a new user
             provider_config = await self.get_builtin_provider_config_by_name(
@@ -2986,6 +2986,40 @@ async def test_http_auth_ext_resend_verification_email_with_token(self):
 
             self.assertEqual(status, 200)
 
+            # Resend verification email with email and challenge
+            resend_data = {
+                "provider": form_data["provider"],
+                "email": email,
+                "challenge": form_data["challenge"],
+            }
+            resend_data_encoded = urllib.parse.urlencode(resend_data).encode()
+            _, _, status = self.http_con_request(
+                http_con,
+                None,
+                path="resend-verification-email",
+                method="POST",
+                body=resend_data_encoded,
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+            )
+            self.assertEqual(status, 200)
+
+            # Resend verification email with email and code_challenge
+            resend_data = {
+                "provider": form_data["provider"],
+                "email": email,
+                "code_challenge": form_data["challenge"],
+            }
+            resend_data_encoded = urllib.parse.urlencode(resend_data).encode()
+            _, _, status = self.http_con_request(
+                http_con,
+                None,
+                path="resend-verification-email",
+                method="POST",
+                body=resend_data_encoded,
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+            )
+            self.assertEqual(status, 200)
+
             # Resend verification email with no email or token
             resend_data = {
                 "provider": form_data["provider"],