Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem with password reset flow #695

Open
1 of 2 tasks
muezz opened this issue Nov 22, 2023 · 1 comment
Open
1 of 2 tasks

Problem with password reset flow #695

muezz opened this issue Nov 22, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@muezz
Copy link

muezz commented Nov 22, 2023

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I am trying to set up password reset flow in Next13 with app router. I get the following error in my Vercel logs:

[AuthApiError]: invalid request: both auth code and code verifier should be non-empty

To Reproduce

  1. User enters their email and triggers the flow using:
export const authRouter = router({
    sendPwdResetEmail: publicProcedure
        .input(z.string().email())
        .mutation(async ({ input }) => {
            const sp = spServerClient();
            const { error } = await sp.auth.resetPasswordForEmail(
                input,
                {redirectTo: 'http://my-domain.io/api/auth/callback'}
            );
            if (error) throw Error(error.message);
        }),
    resetPwd: publicProcedure
        .input(z.string().min(8).max(25))
        .mutation(async ({ input }) => {
            const sp = spServerClient();
            const { error } = await sp.auth.updateUser({password: input});
            if (error) throw Error(error.message);
        }),
});
  1. User receives an email where they click on the button. They are redirected to the following callback url (api). This comes directly from the Supabase+Next13 template
export async function GET(request: NextRequest) {
  const requestUrl = new URL(request.url)
  const code = requestUrl.searchParams.get('code')
  if (code) {
    const supabase = createRouteHandlerClient({ cookies })
    await supabase.auth.exchangeCodeForSession(code)
  }
  return NextResponse.redirect(`${requestUrl.origin}/reset-password`)
}
  1. Browser shows an error that it has been redirected too many times and the vercel logs say the error I mentioned above.
  2. If I click on the button in the email again, it takes me to the reset password url but the url has some search params that mention that the auth code has expired or is invalid.

Expected behavior

I expect the callback url to redirect the user to the password reset page.

System information

  • OS: macOS
  • Browser: Arc (Chromium)
  • Version of supabase-js: latest

Additional context

If I am doing anything wrong or if you require more info, please let me know.

@muezz muezz added the bug Something isn't working label Nov 22, 2023
@oldbettie
Copy link

This is an ongoing issue but they seem to just move on here is another thread that was closed. #545

I have been scratching my head for days. following the guide provided in that thread creates the session correctly in the confirm/route.ts but once the next redirect happens it has no session sounds like there are a few open bugs about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants