Email verification - always redirects to invalid link page

Im using parse-server-api-mail-adapter

Password reset works but with email verification clicking the button in the email brings me to the invalid verification link page

The url in the emails button is formatted as follows where /v1/api/ is my parse mount point

Im using this custom html template

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

  <body style="text-align: center">
    <p style="font-weight: bolder; font-size: large">Welcome!</p>
    <p>Click the button below to verify your email address:</p>
    <br />
          background-color: lightskyblue;
          cursor: pointer;
          border-radius: 5px;
          padding: 10px;
          border-style: solid;
          border-width: 2px;
          text-decoration: none;
          font-weight: bolder;
          color: blue;
        Verify email
    <br />

I am using CLP as follows

export const User = {
	className: '_User',
	fields: {
		email: { type: 'String' },
		authData: { type: 'Object' },
		emailVerified: { type: 'Boolean' },
		password: { type: 'String' },
		username: { type: 'String' },
		// firstname: { type: 'String' },
		// lastname: { type: 'String' },
		// picture: { type: 'File' },
		role: { type: 'Pointer', targetClass: '_Role' },
		profile: { type: 'Pointer', targetClass: 'Profile' },
	classLevelPermissions: {
		find: { 'role:super': true },
		count: { 'role:super': true },
		get: { requiresAuthentication: true },
		update: { requiresAuthentication: false },
		create: { 'role:super': true },
		delete: { 'role:super': true },
		addField: {},
		protectedFields: {
			'*': ['authData', 'password', 'username'],

some excerpt from parse server config

verifyUserEmails: true,
serverURL: urls.internalParseUrl,
enforcePrivateUsers: false,
publicServerURL: urls.publicParseUrl,

Any Idea where I am going wrong with this ?

After a ton of breakpoints in parse server figured out the issue is my CLP and protected fields, seems parses internal verifyEmail in UserController cant lookup the user if username is part of protected fields.

I kinda assumed user controller was using masterkey.

Hopefully helps someone else