Stojan Dimitrovski
Supabase Auth requires that the user have an email address present. Are you sure the user account has one?
Hey the notice is really about not using that with a custom role for now. It will be using `authenticated` or there'll be another way to define roles in the...
I will fix the issue for removing it.
> hmm so we're just hashing the token in the `refresh_tokens` table? what happens when the user tries to use the refresh token in `/token?grant_type=refresh_token` ? It's hashed and then...
> > For backward compatibility the non-hashed version is also looked up
>
> @hf Couldn't an attacker just send the hashed token (from DB) as the non-hashed token (in...
Old PR.
@nathansudo There's no way to do this right now. Please submit a PR if you think your suggestions would be useful for folks, as the team is a bit stretched.
I'll transfer this issue to github.com/supabase/gotrue as we've been discussing implementing some form of allowlist / denylist behavior. Still no timeline on it, but best this is tracked there.
This is a great suggestion. It will likely be covered with the work we're doing with SAML where the provider used to log in as well as its properties (if...
Not an issue in Supabase Auth (on the platform) since there's always an SMTP server. But for self-hosting, GoTrue uses the noop mailer which makes it confusing. Adding the label...