auth-js
fix: add methods for update password reauthentication
What kind of change does this PR introduce?
- Provides corresponding methods for gotrue-js for password reauthentication
```js
// To send a reauthentication request
supabase.auth.reauthenticate()

// To update password with reauthentication
supabase.auth.update({
  "password": "newpassword",
  "nonce": "123456"
})
```
Steps to test
- Enable `Update password requires reauthentication` on the dashboard
- Initialise supabase client
- Sign up with any method (password-based, passwordless or oauth)
- Request for reauthentication `supabase.auth.reauthenticate()`
- Update your password by calling `supabase.auth.update({...})`
As just discussed, one thought: we probably should unify all of this in one method:
```ts
// GotrueApi.js
async sendOTP(
  access_token?: string,
  email?: string,
  phone?: string,
  options: {
    shouldCreateUser?: boolean
    captchaToken?: string
  } = {}
): Promise<{ data: {} | null; error: ApiError | null }>

// GotrueClient.js can call await sendOTP() and we fill in the JWT from the session.
async sendOTP(
  email?: string,
  phone?: string,
  options: {
    shouldCreateUser?: boolean
    captchaToken?: string
  } = {}
): Promise<{ data: {} | null; error: ApiError | null }>
```
And generates the appropriate nonce/OTP accordingly. Wdyt?
And then we should mark `sendMobileOTP` as deprecated.
hmm actually maybe we shouldn't default `sendOTP()` to take the JWT from the session? That seems kinda strange to me - maybe we should have another option like `useJWT`:
```ts
async sendOTP(
  email?: string,
  phone?: string,
  options: {
    shouldCreateUser?: boolean
    useJWT?: boolean
    captchaToken?: string
  } = {}
): Promise<{ data: {} | null; error: ApiError | null }>
```
Technically, calling `sendOTP()` would still send an OTP to either the user's email or phone number (email is preferred). But the main use of this would be for reauthenticating on password update which doesn't seem clear to me just by looking at the function signature. Wdyt?
cc @awalias @inian
closing this in favour of #688