saisilinus / node-express-mongoose-typescript-boilerplate

A boilerplate for making production-ready RESTful APIs using Node.js, TypeScript, Express, and Mongoose
MIT License
325 stars 93 forks

Update auth.route.ts #46

Closed clopezpro closed 1 year ago

clopezpro commented 1 year ago

For the /verify-email route, use router.get, because when I click the link received by email with the token, I receive the message Not found.

saisilinus commented 1 year ago

Hey, this isn't a problem with the route or method. If you're getting a 'Not Found' message when you click on the link then the link goes to nowhere. You need to change the link to lead to a real URL. If you check out the sendResetPasswordEmail function, there is a comment that says // replace this url with the link to the reset password page of your front-end app. If you don't replace the URL you are going to get a 404 error.

clopezpro commented 1 year ago

> Hey, this isn't a problem with the route or method. If you're getting a 'Not Found' message when you click on the link then the link goes to nowhere. You need to change the link to lead to a real URL. If you check out the sendResetPasswordEmail function, there is a comment that says // replace this url with the link to the reset password page of your front-end app. If you don't replace the URL you are going to get a 404 error.

The link that I open, http://localhost:8080/api/auth/verify-email?token=${token}, is well configured. When I open it locally it shows Not found, because in the auth.routes.ts file it is waiting for a POST; when I change it to GET it works correctly.

clopezpro commented 1 year ago

This is okay: [image]

But when set to POST, I receive: [image]

saisilinus commented 1 year ago

Okay. Let me explain the intended workflow and maybe we can iron this out.

  1. Send a verification email to your email using the send-verification-email API
  2. Once you've gotten the email, click on the link to open the verify-email page for your frontend app. Your app works up to here then the request fails.
  3. On the frontend of your app, retrieve the token from the url of the page. For instance, with React Router you can use useParams.
  4. Send the POST request to verify-email endpoint with the token as part of the query parameters of the request.
  5. Get a confirmation 204 response from the server showing that your email is confirmed.

Where did you encounter a problem while using this workflow? It always works fine for me and I have used it in several apps.

clopezpro commented 1 year ago

> Okay. Let me explain the intended workflow and maybe we can iron this out.
>
>   1. Send a verification email to your email using the send-verification-email API
>   2. Once you've gotten the email, click on the link to open the verify-email page for your frontend app. Your app works up to here then the request fails.
>   3. On the frontend of your app, retrieve the token from the url of the page. For instance, with React Router you can use useParams.
>   4. Send the POST request to verify-email endpoint with the token as part of the query parameters of the request.
>   5. Get a confirmation 204 response from the server showing that your email is confirmed.
>
> Where did you encounter a problem while using this workflow? It always works fine for me and I have used it in several apps.

OK friend, I got it. Thank you very much for your time and for developing this template. I was pointing directly to the server's URL, and it's true: I can get the token in the frontend route, make the POST request from there, and thus confirm the email.

saisilinus commented 1 year ago

Sure :smiley:

clopezpro commented 1 year ago

Sorry, maybe you could answer this question: what would be the best way to store the refresh token in the frontend? I currently use Nuxt.js and store the data in a cookie, but I assume this is not secure, because someone could get the data from cookies. How do you do it?

saisilinus commented 1 year ago

Hey, I normally just use browser localStorage as that's secure enough for most of my apps. I've heard of other approaches though.

clopezpro commented 1 year ago

I am worried that the refresh token is exposed, because if they put localStorage.getItem(key); in the console they can get the token, and with Postman they can generate more access tokens.
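
The storage question raised at the end of this thread, as an added example that is not part of the original discussion or the boilerplate's code: the server delivers the refresh token in an HttpOnly cookie, which JavaScript in the page cannot read, and returns only the access token in the JSON body. The cookie name `refreshToken`, the helper names and the `/api/auth` path scope are assumptions, and the frontend and API are assumed to be same-site.

```typescript
// Added example: cookie name, helper names and path scope are assumptions.
const REFRESH_COOKIE = 'refreshToken'; // hypothetical cookie name
const AUTH_PATH = '/api/auth';         // assumed prefix, taken from the URL in this thread

// Set-Cookie value for the refresh token.
//   HttpOnly        -> not readable by JavaScript (document.cookie), including console scripts
//   Secure          -> only sent over HTTPS
//   SameSite=Strict -> not attached to requests initiated by other sites
//   Path            -> only sent to the auth endpoints, not with every API call
function buildRefreshCookie(token: string, maxAgeSeconds: number): string {
  return [
    `${REFRESH_COOKIE}=${encodeURIComponent(token)}`,
    `Max-Age=${maxAgeSeconds}`,
    `Path=${AUTH_PATH}`,
    'HttpOnly',
    'Secure',
    'SameSite=Strict',
  ].join('; ');
}

// Login/refresh response: the refresh token travels only in the cookie header,
// so the frontend has nothing to place in localStorage except the access token.
function issueTokens(accessToken: string, refreshToken: string, refreshTtlSeconds: number) {
  return {
    headers: { 'Set-Cookie': buildRefreshCookie(refreshToken, refreshTtlSeconds) },
    body: { access: { token: accessToken } },
  };
}

// Refresh endpoint: read the token from the Cookie request header, not the body.
function readRefreshToken(cookieHeader: string | undefined): string | null {
  if (!cookieHeader) return null;
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== REFRESH_COOKIE) continue;
    try {
      const value = decodeURIComponent(part.slice(eq + 1).trim());
      return value === '' ? null : value;
    } catch {
      return null; // malformed percent-encoding: treat as no token
    }
  }
  return null;
}

// Logout: overwrite the cookie with an empty value that expires immediately.
function clearRefreshCookie(): string {
  return buildRefreshCookie('', 0);
}
```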