
Various Ways of Password Reset

Open BlakeQG opened this issue 1 year ago • 0 comments

Improve documentation

Reset Password PKCE flow

Describe the problem

Two improvements here: (1) In the document about password reset, it mentions that the email template should contain the following HTML:

```html
<h2>Reset Password</h2>

<p>Follow this link to reset the password for your user:</p>
<p>
  <a
    href="{{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=recovery&next=/account/update-password"
    >Reset Password</a
  >
</p>
```

But it seems it is not necessary; the default `{{ .ConfirmationURL }}` follows this way. Below is the one I saw with `{{ .ConfirmationURL }}`.

https://*.supabase.co/auth/v1/verify?token=pkce_c65f725910287515426803ca*&type=recovery&redirect_to=https://subscription-*.vercel.app/auth/reset_password.

The only thing is that during `resetPasswordForEmail`, we need to provide the `redirectTo` parameter.

```js
const { error } = await supabase.auth.resetPasswordForEmail(email, {
  redirectTo: getURL("/auth/reset_password"),
});
```

(2) In the document, it mentions that it uses `verifyOtp` for verification. But it seems `exchangeCodeForSession` should work as well. Please explain if there is any difference.

Describe the improvement

Add a section to explain different approaches and their pros and cons.

BlakeQG, Sep 05 '24 17:09
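
A confirm-route handler that accepts both link shapes discussed in this issue and validates the `next` path before redirecting, as an added example that is not part of the original issue or of Supabase's documentation. It assumes the `{{ .ConfirmationURL }}` redirect reaches the app with a `code` query parameter; `handleRecoveryCallback`, `safeNext`, `/auth/error` and the `app.invalid` origin are hypothetical names.

```javascript
// Added example. Function names, ERROR_PATH and the app.invalid origin are hypothetical.
const DEFAULT_NEXT = "/account/update-password"; // the template's next= value
const ERROR_PATH = "/auth/error";
const PARSE_BASE = "https://app.invalid"; // placeholder origin, used only for parsing

// Allow only same-origin relative paths, so a tampered link cannot turn the
// confirm route into a redirect to another site.
function safeNext(next) {
  if (typeof next !== "string" || !next.startsWith("/")) return DEFAULT_NEXT;
  try {
    // The URL parser normalises "//host", "/\host" and embedded tabs/newlines,
    // so comparing the resolved origin catches all of them.
    const parsed = new URL(next, PARSE_BASE);
    if (parsed.origin !== PARSE_BASE) return DEFAULT_NEXT;
    return parsed.pathname + parsed.search;
  } catch {
    return DEFAULT_NEXT;
  }
}

// `supabase` is a supabase-js client supplied by the caller.
async function handleRecoveryCallback(requestUrl, supabase) {
  const params = new URL(requestUrl).searchParams;
  const tokenHash = params.get("token_hash");
  const code = params.get("code");
  let via, result;
  if (tokenHash && params.get("type") === "recovery") {
    // Link built from {{ .TokenHash }} in the email template.
    via = "verifyOtp";
    result = await supabase.auth.verifyOtp({ token_hash: tokenHash, type: "recovery" });
  } else if (code) {
    // Assumption: the {{ .ConfirmationURL }} redirect arrived with ?code=...
    via = "exchangeCodeForSession";
    result = await supabase.auth.exchangeCodeForSession(code);
  } else {
    return { ok: false, via: null, redirect: ERROR_PATH };
  }
  if (result.error) return { ok: false, via, redirect: ERROR_PATH };
  return { ok: true, via, redirect: safeNext(params.get("next")) };
}
```

`exchangeCodeForSession` depends on the PKCE code verifier stored by the client that called `resetPasswordForEmail`, so that branch only succeeds when the link is opened in the same browser; the `token_hash` branch has no such dependency.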