When resetting a user's password with an email template which has a URL defining the type value as recovery, and using the verifyOtp method to process the token_hash and type, the SSR server client's onAuthStateChange function does not recognize the PASSWORD_RECOVERY event that verifyOtp fires. This prevents the code here from running; resulting in the new session not being saved to cookies, and the user is not considered logged in.
J0
commented
4 months ago
What kind of change does this PR introduce?
Bug fix
What is the current behavior?
When resetting a user's password with an email template which has a URL defining the
typevalue asrecovery, and using theverifyOtpmethod to process the token_hash and type, the SSR server client'sonAuthStateChangefunction does not recognize thePASSWORD_RECOVERYevent that verifyOtp fires. This prevents the code here from running; resulting in the new session not being saved to cookies, and the user is not considered logged in.Fixes #21
What is the new behavior?
User is logged in.
Additional context
Replaces PR #24