lucia-auth / examples

A collection of example projects built with Lucia
MIT License

possible wrong return (email-and-password, nextjs) #15

Closed alexander-rebello closed 3 months ago

alexander-rebello commented 6 months ago

I am looking at the functions generateEmailVerificationToken and generatePasswordResetToken, both first looking if a token exists, and if not generating a new one. Both return the id of the token if an existing one is found, probably not correct, or is it? They should return the found token string and not its id, am I right?

https://github.com/lucia-auth/examples/blob/f222a98f0c3b363541cdadae9df5fbc9a6c9d76a/nextjs-app/email-and-password/auth/token.ts#L18C58-L18C58

lines 18 and 65

ryanhalliday commented 3 months ago

The id is the token (not a numerical ID or similar), which you can see just a bit lower in the inserts:

await db
    .insertInto("email_verification_token")
    .values({
        id: token,
        expires: new Date().getTime() + EXPIRES_IN,
        user_id: userId
    })
    .executeTakeFirst();
return token;

It only re-uses the token if it is less than an hour old.

I don't see any problem here so I think this can be closed.
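The pattern discussed in this thread, as an added example that is not part of the thread or of the repository's code: the row `id` is the secret token string itself, so returning the id of a reused row returns the token. It goes one step beyond the thread by also showing a single-use validation lookup by that id. Assumptions: an in-memory array stands in for the `email_verification_token` table, the 2-hour lifetime and the `REUSE_WINDOW` name are hypothetical, and `validateEmailVerificationToken` is written here for illustration.

```typescript
import { randomBytes } from "node:crypto";

const EXPIRES_IN = 2 * 60 * 60 * 1000; // assumed 2 h lifetime; not stated in the thread
const REUSE_WINDOW = 60 * 60 * 1000; // reuse a token only while it is under 1 h old

type TokenRow = { id: string; expires: number; user_id: string };

// Constructed in-memory stand-in for the email_verification_token table.
// There is no separate numeric key: the row id is the token the user receives.
let table: TokenRow[] = [];

function generateEmailVerificationToken(userId: string, now: number = Date.now()): string {
  const reusable = table.filter(
    (row) => row.user_id === userId && now - (row.expires - EXPIRES_IN) < REUSE_WINDOW
  );
  // Returning the stored id hands back the original token string.
  if (reusable.length > 0) return reusable[0].id;

  const token = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  table.push({ id: token, expires: now + EXPIRES_IN, user_id: userId });
  return token;
}

function validateEmailVerificationToken(token: string, now: number = Date.now()): string | null {
  const matches = table.filter((row) => row.id === token); // lookup by the token string
  if (matches.length === 0) return null;
  const row = matches[0];
  // Single use: drop every token issued to this user, whether or not it is still valid.
  table = table.filter((r) => r.user_id !== row.user_id);
  return now < row.expires ? row.user_id : null;
}
```

Because the token doubles as the primary key, anyone with read access to this table can redeem pending tokens, so the table needs the same access controls as other credential material.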