Closed jvgeee closed 4 months ago
Solving this myself cos it's really hard to find documentation anywhere on this:
The issue is that when you sign someone up/in with passwordless, it creates a code-challenge on the browser they signed up from. This is matched to the code answer the magic link provides.
So it seems like you simply can't sign up a user from your server / API with a magic link and log them in on their own device.
wait so this functionality is essentially broken?
Bug report
Describe the bug
I'm running a NextJS server to sell products. When my user buys a product with Stripe, I have a webhook which receives the payment info and client info (email + name).
I want to sign the user up and send them a magic link after they make a purchase. From what I can see, this has to happen from within my webhook code.
I'm doing:
This works fine and the link successfully goes to the user's email. HOWEVER, when the user clicks the link, my callback handler does:
there is NO code sent from Supabase, it's null. When I sign up a user from the client side of the website then the code works fine.
I also see this error in my supabase logs:
{"component":"api","error":"401: invalid claim: missing sub claim","level":"info","method":"GET","msg":"401: invalid claim: missing sub claim","path":"/user","referer":"http://localhost:3000/","remote_addr":"XXX","time":"2024-01-12T00:54:59Z","timestamp":"2024-01-12T00:54:59Z"}