supabase-flutter icon indicating copy to clipboard operation
supabase-flutter copied to clipboard
verified publisher icon supabase

Add new 'pendingSignUpConfirmation' value to AuthChangeEvent

Open davoutuk opened this issue 2 years ago • 4 comments

I'm building a Flutter app and using Supabase to handle the user sign up and login. In the first instance I am using email/password to sign up new users, like..

Supabase.instance.client.auth.signUp(email: anEmail,password: aPassword);

In terms of a sign-up/login lifecycle I am surprised that the "onAuthStateChange" event support does not support this identity sign up process.

For example...

enum AuthChangeEvent { passwordRecovery, signedIn, signedOut, tokenRefreshed, userUpdated, userDeleted, pendingSignUpConfirmation signUpConfirmationReceived, }

Adding two new states to the 'AuthChangeEvent' enum would handle this, where:

  • pendingSignUpConfirmation - an event with this state would be sent after the confirmation email is dispatched
  • signUpConfirmationReceived - an event with this state would be sent once the user had clicked on the link in the email

Adding these two new event enum types would allow the app to change its UI to reflect the current state of the sign up process.

davoutuk avatar Jan 12 '23 10:01 davoutuk

Thanks for the suggestion. After discussing with the auth team, we will move forward with addingpendingSignUpConfirmation status!

Edited: The specific implementation might change from what I have above, but we might add a field within the returned value of signUp to indicate that the user is a newly created one.

dshukertjr avatar Jan 20 '23 02:01 dshukertjr

@dshukertjr I was implementing the sign up flow today and wondered how to handle email confirmation properly. Below is my understanding of the current behaviour.

  • User is not yet signed in after signUp() is executed successfully if confirmation is enabled.
    • No event is fired then.
  • Cannot sign in while confirmation is pending.
    • AuthException occurs with the message "Email not confirmed".
      • There seems to be no way to tell the error reason other than by trying sign-in and comparing the error string.
  • It is difficult to decide whether to show a confirmation screen when the app is launched next time.
    • currentUser and currentSession are null.
    • No event is fired on startup if user is not signed in.

So it is necessary that the pendingSignUpConfirmation status is notified on both sign-up and startup. Is your current plan similar to that? In Firebase Auth, the User object contains emailVerified being false before confirmation, and I think it is obtained on startup.

We are planning on releasing a new version of our app this spring after migration from Firebase. Hope the improvement arrives in time.

kaboc avatar Feb 21 '23 14:02 kaboc

The diagram attached is a state model for a authentication process. I would expect to see auth status events for each of the blue boxes in this diagram

image

davoutuk avatar Mar 06 '23 11:03 davoutuk

@dshukertjr

The specific implementation might change from what I have above, but we might add a field within the returned value of signUp to indicate that the user is a newly created one.

Will the pending status be only obtained as the result of signUp? It doesn't seem to resolve the issue that we can't check if a user needs email confirmation after a sign-up.

It is very disappointing that we haven't got any help from your support team for two months after one of my team members sent an inquiry and there has been no response here either.

kaboc avatar Apr 27 '23 02:04 kaboc