Kang Ming

Is there a reason why the `OPERATOR_TOKEN` is used to sign the token [here](https://github.com/netlify/gotrue/blob/4c4b9223899feeeb9b5a1bd298d9e597b4249b8d/api/external.go#L71) instead of `JWT_SECRET`? It seems like regardless of whether gotrue is set to multi-instance mode or...

Hey everyone, the tokens are placed behind a query fragment because gotrue follows an oauth2 protocol known as the [implicit grant flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2). > This also affects when client email provider...

Hey everyone, > I imagine that changing from single-use auth tokens to auth tokens with an expiration date would fix this issue. Unfortunately, this is not secure since the link...

hey everyone, gonna be closing this PR since it is already possible to include `user_metadata` in the signup method. here's how to do it in the latest master version /...

also, thanks everyone for contributing in one way or another and @johncomposed for taking the time to work on this PR

Thanks for raising this up @Rayyanmaq1, we should create a function on gotrue-js to handle password resets for phone and password signups. Currently, a workaround for this would be to...

Could you elaborate more on what you mean by "reset the password" please? A password reset is the same as updating the password once the user is authenticated. If the...

Hey @Rayyanmaq1, please let us know if you're still facing this problem, as mentioned, if you wish to reset a user's password through a phone number, these are the following...

Hey @chipilov, could you please clarify how your application managed to get into a state where the `persistSession` value on both tabs are different? Thanks for taking the time to...

Hey @piehouserat, > I would not expect a user to be automatically signed in if clicking on a password reset link. This is currently the behaviour of gotrue. A password...