lodey

Reputation: 304

Supabase Reset Password Token

In Supabase, when a user requests a password reset, they receive a reset token via email. Clicking the reset link takes them to the reset password page, which includes the token in the URL. Alternatively, someone could manually enter a URL like domain/reset-password?random-token, which would also load the reset page.

Reset Password Flow:

  1. The user requests a password reset.
  2. They receive an email with a reset link.
  3. Clicking the link redirects them to the reset password page with a token in the URL.
  4. The token is sent to Supabase to validate and update the password.

Issue: If someone enters an invalid or random token in the URL, they still land on the reset password page. I want to prevent this and instead redirect them to the login page if the token is invalid.

Solution: How can I handle this validation properly? Is there a way to check the token before rendering the reset page and redirect users if the token is invalid?

Upvotes: 1

Views: 104

Answers (1)

Swargaraj Bhowmik

Reputation: 43

Supabase provides a built-in way to handle password reset token validation using the verifyOtp method.

Validate the Reset Token

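// `token` is the value read from the reset link's query string.
// A token taken from a link is passed as token_hash; the plain `token`
// field is for codes the user types in and also requires email or phone.
const { data, error } = await supabase.auth.verifyOtp({
  token_hash: token,
  type: 'recovery'
});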

Reference:

Supabase Docs: https://supabase.com/docs/reference/javascript/auth-verifyotp

Upvotes: 1
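
A route guard for the flow in the question, written as an added example (not code from the question, the answer, or Supabase): it checks the token before the reset form renders and sends every failure to the login page. It assumes the link carries the value as a `token_hash` query parameter, that the login route is `/login`, and that `auth` is `supabase.auth` from a supabase-js v2 client; `extractRecoveryToken` and `resolveResetRoute` are hypothetical names.

```javascript
const LOGIN_PATH = '/login'; // assumed route name, not from the original post

// Cheap shape check so obviously bogus values never reach the auth server.
// The accepted alphabet and length are assumptions; the server stays the authority.
function extractRecoveryToken(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return null; // not a parseable URL
  }
  const token = url.searchParams.get('token_hash'); // assumed parameter name
  if (!token || !/^[A-Za-z0-9_-]{16,256}$/.test(token)) return null;
  return token;
}

// Decide what the reset route should do before any form is rendered.
async function resolveResetRoute(href, auth) {
  const token = extractRecoveryToken(href);
  if (!token) return { action: 'redirect', to: LOGIN_PATH };

  let result;
  try {
    result = await auth.verifyOtp({ token_hash: token, type: 'recovery' });
  } catch {
    // Network or client failure: fail closed instead of showing the form.
    return { action: 'redirect', to: LOGIN_PATH };
  }

  const { data, error } = result;
  if (error || !data || !data.session) {
    // Same redirect for every failure, so the page does not reveal
    // whether a token was malformed, expired or already used.
    return { action: 'redirect', to: LOGIN_PATH };
  }

  // A recovery session now exists; the form can call
  // auth.updateUser({ password }) under this session.
  return { action: 'render', session: data.session };
}
```

Because `verifyOtp` consumes the token and signs the user in, call `resolveResetRoute` once per page load and submit the new password under the returned session rather than verifying the token a second time.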
