inviteUserByEmail creates a new user by email :/

This way I get two user ids for the same user, which is not what I'd like to have

@jaitaiwan maybe using the

update

function and then calling

sendMagicLinkEmail

with

shouldCreateUser=false

could work?

That could work!

Sorry to jump in but at least per doc using update does send conf email. https://supabase.com/docs/reference/javascript/auth-update

How did I miss that?! Thanks @garyaustin

Thanks! I'll give it a try and let you know 🙂

I just saw the new (or at least new to me!) auth setting for reuse interval. from the docs, it sounds like it's

REFRESH_TOKEN_REUSE_INTERVAL

and that it only applies if

REFRESH_TOKEN_ROTATION_ENABLED

is true. I'm not on a self-hosted server, so is it safe to assume that

REFRESH_TOKEN_ROTATION_ENABLED

is defaulted to true for me? as a follow up, I was a bit confused by the docs that said:

The reuse interval for a refresh token allows for exchanging the refresh token multiple times during the interval to support concurrency or offline issues.

my understanding was (loosely) that refresh tokens would not expire, and would only be revoked on logout or if the client attempts to use one. would this setting primarily be helpful if there were multiple separate attempts to refresh using the same token? or is there a different edge case that this is addressing? just trying to wrap my head around what it does and if we would want it enabled (I assume yes). relevant docs that I found are here, there might be others that I'm missing: https://supabase.com/docs/reference/tools/reference-auth thanks!

Using the

update

function I'm getting this error from js client:

error: { message: 'Error sending change email', status: 500 }

and this is the log in gotrue:

level=error msg="500: Error sending change email" component=api error="gomail: could not send email 1: gomail: invalid address \"\": mail: no address" method=PUT path=/user referer= remote_addr="192.168.123.5:37394" request_id=507417c7-139d-4ebd-ac2d-979cd6349976

But the email confirmation sometimes arrives 🤔 I can confirm that the SMTP server is working (I'm using Mailgun), because if I try to signup with email/password, it doesn't give any error

@garyaustin also, verifying email at address

http://localhost:8000/auth/v1/verify?token=muMSGs3Z9f0N98BAHpc1MQ&type=email_change&redirect_to=http://localhost:3000

gives me error:

error_code=404&error_description=User+not+found

@garyaustin managed to solve it by setting

GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: "false"

, which disables double verification (verifies both old, which in my case does not exist, and new email). The problem is that this env variable is not documented anywhere, neither at https://supabase.com/docs/reference/tools/reference-auth nor at https://github.com/supabase/gotrue. I found it only at https://github.com/supabase/gotrue/blob/master/example.env#L38

Opened a PR to document this and was just merged 😎 https://github.com/supabase/supabase/pull/7948

anyone have experience developing a supabase setup locally with a forked version of gotrue?

I am currently trying to do this by forking supabase/supabase and using a local fork of gotrue-js via npm link.

Yoooo

Running into http://localhost:3000/?error=server_error&error_description=Error+getting+user+email+from+external+provider from twitter oauth, has this been resolved by anyone?

The twitter acc does have an email linked

Ive only made local edits to the gotrue server code.

I had to make changes so that the access token is available to the redirect url. This way I can do real server side auth without onAuthChange. Progressive enhancement doesn’t work so well with when we have to run JS to auth.

hey there I'm wanting to get all of the users in the auth table that has not signed it and then resend them the confirmation email. is there anyway to do this semi-easily? I know I can get the confirmation token so i should worse case senario be able to create the email that supabase creates and send that as a link that somone would be able to click on and authorize their account.

(using the js version btw)

I want to build multiple apps using Supabase as backend for all of them -- but I don't want to duplicate the auth for my users. Can I set it up so that I get all the benefits of row-level security across all my apps but the auth is shared between them and I don't have duplicate user accounts?

It seems like we have a user that receives a recovery email when she tries to login using magic link (by just supplying email to the

signIn

function). Is there anycase where this should happen?

hey, not that I'm aware of... can you elaborate a bit more?

not at this time, unfortunately... but we're looking into different types of SSO and multi-tenancy use-cases, so watch this space

that's a great suggestion! I don't believe this is a standard feature at this time, tho

does supabase link accounts with same email automatically? i.e: I created an account with email/pass then i try to login with gmail with same email...does supabase link them internally and issue same user id?

In general yes, various provider accounts are linked by the same email with the same user id. In testing awhile back (see links) this worked with email/password also, with some strangeness. I've seen no further updates on this, but have not done an exhaustive search. https://github.com/supabase/supabase/discussions/5827#discussioncomment-2305049 https://github.com/supabase/supabase/discussions/6811 These are a bit older, so maybe there has been progress.

thanks this should be in the docs i think 🙂

You could raise a doc issue in Supabase/supabase github. I've not searched to see if anyone ever has, but don't recall seeing it.

============================= Channel locked. Please ask in #1006358244786196510. =============================