https://supabase.com/ logo
can't get the code from resetPasswordForEmail
m

microbinson

05/25/2023, 4:45 PM
Hi. I'm using resetPasswordForEmail, which is sending me an email as expected. The link takes me to my nominated callback function, but const code = url.searchParams.get('code') gets me nothing. Although the docs state that "The query parameter is always code" there is no such query parameter on the url that I am seeing. const next = url.searchParams.get('next') returns my next function ok. There is a long hash tag - "#access-token=". Can anyone help/advise me? Thanks!!
s

silentworks

05/25/2023, 4:48 PM
Is this in an server-side rendering (SSR) app?
From the hash that you have shown you are using the implicit flow and not the PKCE flow which is why you don't have the code.
m

microbinson

05/25/2023, 4:49 PM
yes - I'm in SvelteKit and coming back to a server endpoint
s

silentworks

05/25/2023, 4:49 PM
I'm going to update that doc to mention that your project should be using the Proof Key for Code Exchange (PKCE) flow, I didn't include it initially because that's now the default for auth-helpers which is normally used in SSR.
Upgrade to the latest SvelteKit auth-helpers which was released last night. It should be
0.10.0
.
m

microbinson

05/25/2023, 4:51 PM
will do. thanks for the help. and fast!
s

silentworks

05/25/2023, 4:52 PM
Sorry about the lack of information in that guide. I'll revise it soon.
m

microbinson

05/25/2023, 4:55 PM
no worries. I'm coming back to code after a few years in so-called consultancy, so it's all an education 🙂
m

major_paul

05/25/2023, 5:27 PM
Just wanted to hop in and say thanks for this! I have been banging my head up against a wall for a day -- PW reset goes out, I get the email, it comes out to my chosen SvelteKit endpoint... I have the user submit their reset PW and no matter what I do in my form action I'm getting 'Auth Session Missing!' back.
But I was using supabase-js, not auth-helpers, so I will try that.
Side thought: where is the updateUser() function looking for the auth session? I could manually force it there; I do see the access_token and such coming in.
s

silentworks

05/25/2023, 5:40 PM
You are automatically logged in when you get redirect to your password page. The flow is described here https://supabase.com/docs/guides/auth/auth-password-reset, you should also open your own thread.
m

major_paul

05/25/2023, 5:40 PM
Copy both, thanks!