supabase
Resending signup confirmation email doesn't support pkce
Bug report
- [x] I confirm this is a bug with Supabase, not with my own application.
- [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
When having email confirmation turned on for email+password signup and trying to resend the email, the resent email doesn't contain a hash token that works with pkce.
To Reproduce
In Dart:
await supabase.auth.signUp(email: "myemail", password: 'Aa123456-!',
Link in that email: https://myref.supabase.co/auth/v1/verify?token=pkce_1027fded09f1d5f05f39de2196cb815700b0bed72685a28983be1fd7&type=signup
and then
await supabase.auth.resend(type: OtpType.signup, email: "myemail");
Link in that email: https://myref.supabase.co/auth/v1/verify?token=0314f758286a584407d6b76d671e4762346b4786ad29a108a9d04da5&type=signup
Expected behavior
The user is able to confirm their email with the resent email when using pkce flow.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
- Version of supabase_flutter: 2.8.0
Additional context
This was already discussed here: https://github.com/orgs/supabase/discussions/18442
A user reported that here: https://github.com/supabase/supabase-flutter/issues/1084
Any news on this? I can't resend email confirmations why is this an issue still?
This will not work with the default email template and this should be handled the same way the other emails are handled. You will need to update the email template and create a endpoint in your app to verifyOtp. The temaplate would look like the below where at the auth/confirm endpoint you are calling .verifyOtp and giving it the query parameters. I'm not too familiar with Flutter but this should be doable there too.
<h2>Confirm your signup</h2>
<p>Follow this link to confirm your user:</p>
<p>
<a
href="{{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=email&next={{ .RedirectTo }}"
>Confirm your email</a
>
</p>
