Correction:
It doesn't look like GoTrue is correctly parsing the path, as stated above. (Oops) I got the path of the Supabase domain mixed up with the path of my domain.
This is the output of the request start and complete, in the Supabase auth logs.
Hi @MeyerOppelt, as mentioned in our docs, the `*` operator doesn't consider URLs with a separator. It seems like you have a `/` character at the end of your redirect URLs, which is a separator. You can either remove that character or use `**` in your allow list of redirect URLs.
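The `*` versus `**` behaviour described in the comment above, as an added example that is not part of the thread and is not GoTrue's own code. The matcher is a simplified stand-in that assumes the separators are `.` and `/`, and the two allow-list patterns are constructed for illustration, since the reporter's actual allow list is not shown on the page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// compileGlob turns an allow-list pattern into an anchored regexp.
// Assumed semantics (a simplification, not GoTrue's matcher):
//   "**" matches any run of characters, separators included;
//   "*"  matches any run that contains no separator ('.' or '/').
func compileGlob(pattern string) *regexp.Regexp {
	var b strings.Builder
	b.WriteString("^")
	for i := 0; i < len(pattern); i++ {
		switch {
		case strings.HasPrefix(pattern[i:], "**"):
			b.WriteString(".*")
			i++ // consume the second '*'
		case pattern[i] == '*':
			b.WriteString("[^./]*")
		default:
			b.WriteString(regexp.QuoteMeta(pattern[i : i+1]))
		}
	}
	b.WriteString("$")
	return regexp.MustCompile(b.String())
}

// redirectAllowed reports whether redirectTo matches any allow-list entry.
func redirectAllowed(allowList []string, redirectTo string) bool {
	for _, p := range allowList {
		if compileGlob(p).MatchString(redirectTo) {
			return true
		}
	}
	return false
}

func main() {
	single := []string{"http://localhost:61000/*"}  // constructed pattern
	double := []string{"http://localhost:61000/**"} // constructed pattern
	for _, u := range []string{
		"http://localhost:61000/recovery",  // no trailing separator
		"http://localhost:61000/recovery/", // trailing '/' is a separator
		"http://localhost:61001/recovery/", // different port, never allowed
	} {
		fmt.Printf("%-34s *=%v **=%v\n", u, redirectAllowed(single, u), redirectAllowed(double, u))
	}
}
```

Keeping the scheme, host and port literal and using `**` only for the path keeps the allow list from widening beyond the intended origin.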
Bug report
Describe the bug
May be related to #161. It was the only issue I found that looked similar.
I am using the Supabase Dart Client, although this seems to be a GoTrue issue. When using the `resetPasswordForEmail()` method, and the redirectTo parameter is localhost with a port, the rest of the path is stripped from the email.
This code seems to work absolutely perfectly. When receiving an email from the app (not on debug mode), the email is correctly formatted to have /recovery at the end of the domain, as expected.
When the email is sent with a redirectTo parameter equal to `https://app.domain.com/recovery/` the backend correctly sends an email with the correct parameter also in the OTP link. This is not the case if the redirectTo parameter is equal to `http://localhost:61000/recovery`.
Query String Parameters:
`redirect_to=http%3A%2F%2Flocalhost%3A61000%2Frecovery%2F`
Decoded:
`redirect_to=http://localhost:61000/recovery/`
When receiving the OTP email however, the path is stripped, even though the HTTP request was correctly sent.
https://domain.supabase.co/auth/v1/verify?token=${token}&type=recovery&redirect_to=http://localhost:61000/
In Supabase auth logs, it appears that the path is correctly parsed as well.
[Screenshot 2024-02-15 at 8 42 09 PM]
I have also set up the auth settings to allow this domain.
[Screenshot 2024-02-15 at 8 44 08 PM]
When using this code, I do get the correct email with the correct path.
https://domain.supabase.co/auth/v1/verify?token=${token}&type=recovery&redirect_to=https://app.domain.com/recovery/
The HTTP redirectTo query parameter for this email is:
https%3A%2F%2Fapp.domain.com%2Frecovery%2F
https://app.domain.com/recovery/
As specified in these documents I should have my redirect domains setup correctly:
https://supabase.com/docs/guides/auth/concepts/redirect-urls
Glob Tool
System information
MacOS Sonoma 14.1.1
Google Chrome 112.0.5615.121 ARM64
^2.3.1
If you need any more information, I would be happy to oblige. Thank you in advance for your help.