My supabase authentication settings regarding the password requirements were set to "Lowercase, uppercase letters, digits and symbols (recommended)". The minimum password length is set to "8".
I have a simple login form to signIn or signUp a user based on his email address. That flow worked fine as long as I had the password requirements set to "No required characters (default)". As soon as I changed this setting, it breaks the flow to create a new user account with the following error. It's really frustrating, as no potential user was able to sign up for my app and I just noticed it by coincidence.
POST URL: https://mycustomdomain.com/auth/v1/otp?redirect_to=https%3A%2F%mycustomdomain.com
{
"code": 422,
"msg": "Password should contain at least one character of each: abcdefghijklmnopqrstuvwxyz, ABCDEFGHIJKLMNOPQRSTUVWXYZ, 0123456789, !@#$%^\u0026*()_+-=[]{};\\'\\:\"|\u003c\u003e?,./`~.",
"weak_password": {
"reasons": [
"characters"
]
}
}
If the user doesn't exist, signInWithOtp() will signup the user instead. To restrict this behaviour, you can set shouldCreateUser in SignInWithPasswordlessCredentials.options to false.
I explicitly set the shouldCreateUser value to true in the case that a new user should be created.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Go to https://supabase.com/dashboard/project/[PROJECT_REF]/settings/auth
Enable the Password Requiements "Lowercase, uppercase letters, digits and symbols (recommended)"
Try to signUp a not existent email address / user through signInWithOtp according to the docs.
See the error logged in the console.
Expected behavior
If the password requirements are set in the supabase authentication configuration, the signInWithOtp should not check for a password / password requirement if the user account does not exist.
Hi @Unkn0wn0x, this issue has been fixed here and should be rolled out to your project already. If you are still facing the issue, please open a ticket at https://supabase.help
Bug report
Describe the bug
My supabase authentication settings regarding the password requirements were set to "Lowercase, uppercase letters, digits and symbols (recommended)". The minimum password length is set to "8".
I have a simple login form to signIn or signUp a user based on his email address. That flow worked fine as long as I had the password requirements set to "No required characters (default)". As soon as I changed this setting, it breaks the flow to create a new user account with the following error. It's really frustrating, as no potential user was able to sign up for my app and I just noticed it by coincidence.
POST URL:
https://mycustomdomain.com/auth/v1/otp?redirect_to=https%3A%2F%mycustomdomain.com
Payload:
Response:
According to the docs it says:
I explicitly set the
shouldCreateUser
value totrue
in the case that a new user should be created.To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
https://supabase.com/dashboard/project/[PROJECT_REF]/settings/auth
signInWithOtp
according to the docs.Expected behavior
If the password requirements are set in the supabase authentication configuration, the
signInWithOtp
should not check for a password / password requirement if the user account does not exist.Additional information
"@supabase/supabase-js": "^2.39.2"