j4w8n
commented
2 months ago If you look in the auth-js code, the resetPasswordForEmail method is setting a code verifier, and the docs mention using exchangeCodeForSession; however, I don't know how to setup the email template to have the link include the code. Right now, my email template is setup for tokens with /auth/confirm. I'm not sure how that's working with SSR 0.3.0, but it seems we're supposed to be sending it to /auth/callback instead? Or maybe the docs are wrong, idk.
Even when it's working with 0.3.0, the code verifier cookie just sits in the browser, since it never gets used.
https://github.com/supabase/auth-js/blob/master/src/GoTrueClient.ts#L1635
vehm
cipriancaba
Bug report
Describe the bug
Password Recovery flow does not work as expected for
@supabase/ssrv0.4.0, whereas the same code works for v0.3.0. Confirmations, invitations, and magic links seem to work just fine, but password recovery does not. It does not update the session if the type is set to "recovery".To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
{{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=recovery&next=/change-password@supabase/ssris v0.4.0@supabase/ssrto v0.3.0Expected behavior
The password recovery flow for v0.4.0 of
@supabase/ssr, as detailed here, should authenticate the user and redirect them to the "/change-password" page.System information
Additional context
I followed these guides: https://supabase.com/docs/guides/auth/server-side/sveltekit https://supabase.com/docs/guides/auth/passwords?queryGroups=flow&flow=pkce&queryGroups=framework&framework=sveltekit#resetting-a-password
A reference repo using v0.3.0 I used to confirm that the code worked, but updating it to v0.4.0 fails: https://github.com/j4w8n/sveltekit-supabase-ssr