https://supabase.com/ logo
Join Discord
Powered by
Having trouble successfully updating/creating a pa...
# help
n
Having trouble successfully updating/creating a password for a user signed in/authenticated by magic link in a simple sveltekit setup. The const 
{ data, error } = await supabase.auth.update({ password: "password" });
workflow throws a 
401 (Unauthorized) Password update requires reauthentication
error. My function is dead simple:
Copy code
const updatePassword = async () => {
  try {
    const { user, error } = await supabase.auth.update({
      password: "password"
    });
    if (error) throw error;
    updateMessage = `Password updated: ${new Date()}`;
  } catch (error: any) {
    updateMessage = `${error.error_description || error.message}`;
  } finally {
    loading = false;
  }
};
The same approach is successful for updating email (triggers the 2 step confirmation path) and metadata. I've also tried using the 
supabase.auth.api.updateUser(accessToken, {password: 'password'})
, which returns the same error. Additional wrinkle: 
supabase.auth.update()
doesn't return the error when passed 
password: undefined
. And it successfully updates metadata when the payload is: 
{ password: undefined, data: { hello: 'world' } }
n
Hello @ngs! This thread has been automatically created from your message in #843999948717555735 a few seconds ago. We have already mentioned the @User so that they can see your message and help you as soon as possible! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ``...`` menu) and select "Leave Thread" to unsubscribe from future updates. Want to change the title? Use the ``/title`` command! We have solved your problem? Click the button below to archive it.
s
The error would indicate that the user isn't logged in. Where in your sveltekit code are you running this?
n
Auth is run through a component in the root layout. Then update is a form on a route at the same level.
It really does seem like the user isn't logged in, or that I'm doing something janky with the token. As far as I can tell, signIn() and signOut() set and unset the token as expected (
"currentSession": {"provider_token": "null", "access_token":...
). And a 
supabase.auth.onAuthStateChange()
isn't triggered between signIn and signOut.
Ok. I've stripped this all the way down. Spun up a fresh SvelteKit project (using the existing supabase db) containing nothing but the supabaseClient, the .env, a bit of markup, and these functions:
Copy code
<script>
  import { supabase } from '$lib/supabaseClient';

  let email = '';
  let password = '';

  const handleSignUp = async () => {
    const { user, session, error } = await supabase.auth.signUp({
      email,
      password
    });
  };

  const updatePassword = async () => {
    const { user, error } = await supabase.auth.update({
      password
    });
  };

  const handleSignIn = async () => {
    const { user, session, error } = await supabase.auth.signIn({
      email,
      password
    });
  };
</script>
Still getting exactly the same error.:
Copy code
"code": 401,
"msg": "Password update requires reauthentication."
I'm on: 
"@supabase/supabase-js": "^1.35.3"
"@sveltejs/kit": "next"
"svelte": "^3.44.0"
Ok, so after all that, I finally initialized a new database instance, and..it seems to work just fine. No issues in any of the original code. It must be a corrupted table/db. Not sure I love the error it threw though. 
401: Password update requires reauthentication.
doesn't seem quite right.
@silentworks another question. After testing other db (with URL and ANON_KEY), I restarted the original database hoping it could be repaired. When I tried to access it again, I'm now getting an 
Origin <url> is not allowed by Access-Control-Allow-Origin. Status code: 401
error. Any idea how to restore access?
n
Thread was archived by @ngs. Anyone can send a message to unarchive it.
PreviousNext
Powered by