Bug report

[x] I confirm this is a bug with Supabase, not with my own application.
[x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

After updating the user's email using supabase.auth.updateUser, the email confirmation is sent to both the old and new email addresses. However, after confirming the new email and attempting to log in with it, login fails. Checking the database reveals that the auth.users table still shows the old email, and the email_change field is populated with the new email. This inconsistency prevents logging in with the new email.

To Reproduce

Steps to reproduce the behavior:

Clone the public repository from GitHub supabase-login-change-email).
Modify src/supabase.ts with your own Supabase URL and token.
pnpm dev -> access http://localhost:3000
Sign up using the "Sign Up" button (toSignUp).
Confirm the sign-up link sent to your email and log in.
Confirm you see "This is Authenticated area."
In the authenticated area, use the form at the bottom to enter a new email address and submit.
Confirmation links are sent to both the old and new email addresses.
Click the confirmation link for the new email (it redirects to http://localhost:3000).
Log out and attempt to log in with the new email.
Login fails with the new email but works with the old one.

Expected behavior

After confirming the new email address, I expected to be able to log in with the new email. The auth.users table should update the email field with the new email, and the session should reflect this as well.

System information

OS: [Ubuntu22.04]
Browser (if applies) [chrome]
Version of supabase-js: [2.45.4]
Version of Node.js: [20.17.0]

Additional context

Upon checking the auth.users table, the email field remains as the old email, while the email_change field holds the new email. The session information also reflects this, preventing login with the new email address.

supabase / auth-js

Unable to Log in with New Email After Email Update Confirmation in Supabase #971