Signup confirmation email link buggy on second click #504
Comments
use
and
in https://app.supabase.io/project//auth/settings config the field and everything will work :D
@carlosstenzel Thanks for sharing these, and sorry for not replying earlier. Unfortunately, I don't think these address my issue. I have configured the site url in settings, and everything works fine from clicking the signup confirmation link in the email until I'm back in my app. The email has a link like
understand double clicking to confirm it returns the error.
@kiwicopple . can we make a lake to deal with this error? ** if the token does not exist, just redirect to the site
I was just looking at the code in gotrue to understand what is happening. I don't speak Go, but it seems that this line is where the issue is. I'm seeing a 404 JSON, but maybe a more user-friendly page that shows HTML instead of JSON would be easier. Or redirect to the siteURL with an extra param so we can handle it in the app.
Just found this other issue which seems to be the same
ah! looks like we applied the fix only to recovery and not to signup: https://github.com/supabase/gotrue/pull/44/files
Attempt to fix via https://github.com/supabase/gotrue/pull/82 Sorry had to put the comment here as the fix was made in the gotrue repo but the issue is in this supabase repo.
What is the status on this? The PRs mentioned above were merged but it still happens.
Is it possible to handle stale magic links w/ a redirect URL, e.g. to a signup page?
appears to be fixed now, I get redirected to "<SITE_URL>/#error_code=404&error_description=Confirmation+Token+not+found"
@awalias I see it's closed, but since this is the only place I found when googling, for benefit of others: When clicking on the
Now I didn't test how it looks when you click on it when it's actually expired*. The error_description says "invalid+or+has+expired", so I wonder how do I know which one it is? Because I need to show different things to the user. (Unless you can advise me if I need to do it, it's a smell that my auth flow is bad...?) *Btw, is this controlled by
+1. Wondering what the preferred method of handling auth errors for an expired magic link is.
+1 I'm in the same boat as @peachp. I don't know if my auth flow is bad or what, I'm getting multiple reports of users being put in an endless loop where the magic links they're clicking from email are expired. This is also the only place I found via Google that mentions this.
+1
Also had some users report this issue. I'm trying to see if it's an email security setting that "clicks" on the links before the users are able to. Any updates from the team as to how to handle invalid confirmation links?
Bug report
Describe the bug
If I click the account confirmation link again after confirming, I get an ugly JSON 404 response. Since this is user facing, it can be confusing.
The JSON response looks like this
{"code":404,"msg":"User not found"}
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
A proper HTML page with a meaningful message would be better. Maybe "you've already confirmed your account"?
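An added example, not taken from the issue thread or from the Supabase/GoTrue code: one way an app could handle the `#error_code=...&error_description=...` redirect reported in the comments, mapping the description to app-owned messages instead of echoing fragment text that anyone can put in a link. Only `error_code` and `error_description` come from the thread; the function names and message wording are hypothetical.

```javascript
// Added example. Only error_code and error_description come from the thread;
// every function name and message below is a hypothetical placeholder.
const GENERIC = 'This link could not be used. Request a new one or sign in.';

// Allowlist: description text reported in the thread -> app-owned copy.
const KNOWN_ERRORS = [
  { kind: 'token_not_found', match: /token not found/i,
    message: 'This link was already used or is no longer valid. Try signing in.' },
  // The description does not say whether the link was invalid or expired,
  // so one message has to cover both cases.
  { kind: 'invalid_or_expired', match: /invalid or has expired/i,
    message: 'This link is invalid or has expired. Request a new one.' },
];

// Returns null when the URL carries no auth error, else { code, kind, message }.
function parseAuthRedirect(href) {
  const hashAt = href.indexOf('#');
  if (hashAt === -1) return null;
  // URLSearchParams decodes "+" as a space and handles percent-escapes.
  const params = new URLSearchParams(href.slice(hashAt + 1));
  const rawCode = params.get('error_code');
  const description = params.get('error_description');
  if (rawCode === null && description === null) return null;
  const known = KNOWN_ERRORS.find((e) => e.match.test(description ?? ''));
  return {
    code: /^\d{3}$/.test(rawCode ?? '') ? Number(rawCode) : null,
    kind: known ? known.kind : 'unknown',
    // Never echo the fragment text: anyone can craft a link with their own wording.
    message: known ? known.message : GENERIC,
  };
}

// Browser usage: assign as text, not HTML, then drop the fragment so a reload
// does not show the error again. historyApi is window.history in a browser.
function showAuthError(element, href, historyApi) {
  const result = parseAuthRedirect(href);
  if (!result) return false;
  element.textContent = result.message;
  if (historyApi) historyApi.replaceState(null, '', href.split('#')[0]);
  return true;
}
```

In a page this would be called as `showAuthError(document.querySelector('#auth-error'), window.location.href, window.history)`, where `#auth-error` is an assumed element id.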