signInWithOtp() not returning a Session

[mousindev]

Hi all,

I have a use case where there are some type of users I did not want to sign up at all. My initial assumption was that with OTP I would be able to create a temporary session for a given user without the need of signing the user up, thinking that a session would be created it would be authenticated and be able to take few actions on the platform. When I went into details to implement it I realized that it is not the case and the user always gets signed up.

My next assumption when preparing the middleware to protect some routes was that, as when you signUp() a user you get a Session object as a response, I was expecting to get back a Session object from signInWithOtp() (hoping to distinguish when to allow access to the OTP sign in and when to allow access to the verification route based on if there is a session or not and if there is a session but without a user yet until the verification happens), but again I was wrong in my assumption and reading the GoTrueClient, in all of the cases the return is
return { data: { user: null, session: null, messageId: data?.message_id }, error }

So:

1. Any plans to allow passwordless sessions without the need of signing up a user?
2. Why is this difference in the design between returning a Session when signing up but not when signing in using OTP (which also signs up the user if not existing)? Any plans to return a Session instead pending to be verified with the OTP and then adding the User object to session.user?

Thanks!

[subhanahmed047]

I came across the same situation today.

Here is a bit about my scenario:
A simple booking form that requires a user ID to finish the booking process. If a user is not authenticated, we can simply ask user their email, send them a confirmation link while use the session to complete booking (user can confirm the email on the side to access their bookings).

However, I soon realised that the signInWithOtp function does not return a session which is Odd as the typescript tells a different story:

async signInWithOtp(credentials: SignInWithPasswordlessCredentials): Promise<AuthOtpResponse> {}

/**
 * AuthOtpResponse is returned when OTP is used.
 *
 * {@see AuthRsponse}
 */
export type AuthOtpResponse =
  | {
      data: { user: null; session: null; messageId?: string | null }
      error: null
    }
  | {
      data: { user: null; session: null; messageId?: string | null }
      error: AuthError
    }

I'm wondering if there is an alternative approach for my scenario. Just getting the session back would have been nice.

While the email is being sent, I get:

{
    session: null
    user: null
}