-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password change not possible if GOTRUE_SECURITY_UPDATE_PASSWORD_REQUIRE_REAUTHENTICATION enabled. Error: "update requires reauthentication" - not possible to provide Nonce #1015
Comments
Seems like gotrue-js doesn't support this either. I guess because the supabase platform does not support that flag, but only self-hosted. Do I understand the flow correctly, that you need a |
@Vinzent03 Speaking of password change flow, I am not exactly sure what's the "right" way, documentation is sparse and I've only deducted that I need Even if I get the I didn't find this setting in a hosted Supabase so you're probably right... but honestly, allowing password change without reauth of some sort or without requiring current password is a deal breaker to me regardless where my Auth API is self-hosted or managed. # gotrue/internal/api/user.go`:112
if !config.Security.UpdatePasswordRequireReauthentication {
if terr = user.UpdatePassword(tx, *params.Password); terr != nil {
return internalServerError("Error during password storage").WithInternalError(terr)
}
isPasswordUpdated = true
} else if params.Nonce == "" {
return unauthorizedError("Password update requires reauthentication.")
} else {
if terr = a.verifyReauthentication(params.Nonce, tx, config, user); terr != nil {
return terr
}
if terr = user.UpdatePassword(tx, *params.Password); terr != nil {
return internalServerError("Error during password storage").WithInternalError(terr)
}
isPasswordUpdated = true
} |
Since the scope is larger than just the Flutter library, I am transferring this to gotrue repo. |
Hi everyone, we've added the methods to the supabase-js client library already and have also updated the docs for the following:
|
If:
GOTRUE_SECURITY_UPDATE_PASSWORD_REQUIRE_REAUTHENTICATION
option is enabled for the GoTrue API it is not possible to change password usingupdateUser
, e.g.:According to current docs:
https://github.com/supabase/gotrue#get-reauthenticate
https://github.com/supabase/gotrue#put-user
user will need to reauthenticate first, however it doesn't seem is currently possible to provide
nonce
using Flutter library.I am using Flutter gotrue v
1.5.7
.The text was updated successfully, but these errors were encountered: