Enabling Post-Signup Email Verification without Blocking User Sign-In on Supabase

[SergejSi]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I am trying to improve the user experience in my application by allowing users to sign in immediately after registration, even before verifying their email. The default behavior in Supabase requires users to verify their email before they can sign in, which I believe creates a poor user experience. I want to give users the ability to verify their email after they have signed in by sending them a verification link or preferably a code to verify their email. However, I'm facing an issue where I cannot send a verification link to users using the Supabase Auth resend method for this purpose.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

1. Initialize Supabase auth with a user's email and password.
2. Try to send the user a verification email after sign-up (not blocking sign-in) using the resend method as follows:

   await supabase.auth.resend({
       email: user?.email as string,
       type: "signup"
   });

3. Notice that no verification email is received.

Expected behavior

I expect to be able to send users a verification email (or ideally a verification code) after they have signed up and signed in, without blocking their initial sign-in due to unverified email. This approach aims to enhance the user experience by not forcing email verification before the user can explore the application.

Additional context

This issue is critical for user onboarding and directly impacts the user experience in our application. If there's an alternative approach to achieve this behavior or if someone has solved a similar issue, insights would be greatly appreciated. Ideally, I would like to send a verification code that users can enter to verify their email, but currently, the primary issue is the inability to resend the verification link after the user signs in.

[GaryAustin1]

Not sure if the new anonymous sign in would get you there.
supabase/auth-js#858

[encima]

Hi @SergejSi ,

As @GaryAustin1 mentioned, the anonymouse authenticated user is an upcoming feature that could solve this. Unfortunately, other methods would require custom implementing (using Auth Hooks) as a user is only verified once the email is.

There is an issue with your approach in that users can then "game" the system by providing a fake email for the initial access if they realise that functionality exists.

I will close this for now as the upcoming feature could allow an implementation of this.

[encima]

Transferred to gotrue for better tracking. The source issue is open here and we can discuss there