New user confirmation is broken #716

Open
2 tasks done
kitzj opened this issue Jan 4, 2024 · 0 comments
Labels
bug Something isn't working

kitzj commented Jan 4, 2024

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

There are several, potentially interconnected issues at play here:

  • The emailRedirectTo field for a new user sign-up is always ignored for the new user sign-up confirmation email. It always redirects to whatever is the default in the URL Confirmation settings.
  • When I initiate a new user sign-up, upon the confirmation email even being sent to the person, the user is confirmed (before they even click the link)
  • When I confirm a user with my own code, I get the (screenshot 1) sequence of logs, and with the Supabase example I get the (screenshot 2) logs. The difference is that with mine I get the 401 missing subclaim error:
    {"component":"api","error":"401: invalid claim: missing sub claim","level":"info","method":"GET","msg":"401: invalid claim: missing sub claim","path":"/user","referer":"https://ostira.com/auth/verify","remote_addr":"157.245.130.122","time":"2024-01-04T20:58:28Z","timestamp":"2024-01-04T20:58:28Z"}
    whereas with the example application I don't. However, the result of 401 Email link is invalid or has expired is still the same (the error is triggered when the exchangeCodeForSession call is made in both scenarios), which suggests that the 401 missing subclaim error may not have to do with the 401 email link is invalid or has expired error:
    {"component":"api","error":"Confirmation Token not found","level":"info","method":"GET","msg":"401: Email link is invalid or has expired","path":"/verify","referer":"http://localhost:3000/auth/callback","remote_addr":"108.30.150.98","time":"2024-01-04T21:01:09Z","timestamp":"2024-01-04T21:01:09Z"}

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Put this URL to the nextjs supabase example repo into https://download-directory.github.io/ to download it locally.
  2. Change the name of .env.example to just .env and add your credentials.
  3. Run the application locally (npm run dev)
  4. Sign up
  5. Open the auth logs and see if you're getting the same errors as me when you click the link

Expected behavior

There should be no errors; exchangeCodeForSession should return a valid session.

Screenshots

Screenshot 1
image

Screenshot 2
image

System information

  • OS: macOS
  • Browser: Brave
  • Version of supabase-js: ^2.39.1 (my application), ^2.33.1 example application
  • Version of Node.js: v20.8.0 (both)

Additional context

In both my app and the example, the supabase/ssr auth library is being used. Something I did notice is that supabase-ssr is dependent on supabase-js version ^2.33.1, not the latest version my application is running, ^2.39.1 (well, now ^2.39.2, but basically the same).
