is there any way to get the user id of the newly ...
# off-topic
k
is there any way to get the user id of the newly created user, even before they are verified? (I need to do some database inserts with data from the sign in form that needs to be tied to the user id)
g
If the user has not finished signing in then you don't have a valid token for the database. I assume you would not do an insert into a table without verifying the user doing the insert with RLS. If you used the signUp method (phone,email) you can pass in data with meta data.
k
from what I saw, phone doesn't have a signUp method, just signin and verifyOTP
but also, then how are we able to save any user details when using magic link or phone OTP passwordless? especially magiclink, can you pass a payload to magiclink?
k
yeah that mentions using the signIn method
g
You're right
k
which is what I am doing, and it will return a null user (tho the user is created but not verified, with a uuid, in supabase)
g
Even if you had the uuid what could you do with it safely?
k
really I just need to be able to save a user record linked to the user account using passwordless login (magic link and phone)
create a user record in a table with details, even if they aren't verified yet
g
But anyone could write to that
k
otherwise I have no way to save anything a user enters on a sign up form
how could anyone write to that?
like anyone could create accounts and not verify them?
g
You can't have RLS yet on uuid, so your table has no policy to protect it?
policies come from the uuid in the jwt, which you won't have until the user is verified.
k
so what's the method in supabase for creating users? seems like it's a pretty standard process for apps to need to store some user data when a user creates an account
would seem asinine to me for this to not be possible (sorry, new to supabase, trying it out from firebase)
(particularly with phone and magic link, since I want to keep the app passwordless)
digging thru the github issues and I'm surprised I haven't found anyone hitting this yet
g
I collect info from the user after they have successfully signed in as first step with valid signin. I've been doing the same looking just now. I've seen people ask before though.
k
Ahh, yeah I'm hoping to collect some information off the bat
I was hoping it would just return the user since it's a created user, even if it's not verified yet (verified should just be a flag on the auth.user record)
or that there would be a way to pass a payload to the magiclink or OTP
(OTP less so since I can keep that stored in the app and pass it)
g
But even if it did return a user UUID, you really have an issue with writing to the database without a validated token, otherwise anyone can't write to that table.
k
I don't think it being validated should have bearing
if you try to sign in with the same number/different browser session, it doesn't create a new record with a new UID, it still knows your phone number has an unvalidated user record with a UID
so that record linked to that UUID could still be locked to that user and if they never actually validate, then no one will ever be able to do anything with the record (apart from admins)
g
If it were passed in as metadata data in signIn, I agree. But you can't just write a table as an anon user safely.
k
I'm not writing a table as an anon user
the user data is all getting passed to my backend server which is writing, but needs the UID to have something to look at for when users auth
g
Ah, then you could save by phone number or email as one option
k
ultimately though, the thing that's wild to me is that supabase can't create users with user data. that seems so basic as a necessity
there's a chance users will have an email and phone on an account (tho the login will just be one method still)
and how does it make a difference to save the phone number or the uid (I'm actually trying to save a users table with uid, email, phone number, and a few other user details, separate from the auth.users table since I can't do anything with that one)
g
It would be nice to have a UUID in your case (on the server side) I agree. But signIn will not return it. I don't use server stuff, any session or cookie options?
k
idk if there's a way with cookies, but with magic link I'm not sure if it would login with a new session and wouldn't have any passed data
maybe I'll file a feature request or something to the github (hurts to wait tho haha)
g
I did not look to see if there is one yet, and have never tracked the flow of code deep into gotrue on the server, but since signIn waits for an error response, one would think it could get the UUID back.
k
yeah, it's odd you just get all `null`s back from signIn when doing it passwordless, so can't really do much (for when it's successful)
g
Technically if you pass the user's sign-in info to the server you could query the auth table and get their uuid since you can use servicekey for access... sort of a kluge....
k
a bit hacky, but it might work haha, I'll give it a shot, at least in the meantime
and then will probably put an issue up tonight (and maybe there's a solution someone closer to the implementation of the code would know)
thanks for talkin thru it with me
g
@User This might be another option https://supabase.com/docs/reference/javascript/auth-api-createuser Create the user on the server side with no password and then do otp signin.
k
so haven't taken a stab at doing it all server-side yet. Tried the route of setting up a trigger to create the user field on the auth.user insert which works, but I still can't pull anything from my public.users tables I think because of RLS (which admittedly I think I'm only partially understanding). So if a user is not signed in with a session, then nothing else can access any of their data/records associated with that user (even the app/admin/backend)?