Hi <@U021RFXUHNH>, I am using Auth with PKCE. I see that all email sent with `auth.resetPasswordForE...

Hieu Vu

07/10/2025, 12:07 PM

Hi @Jan, I am using Auth with PKCE. I see that all email sent with

auth.resetPasswordForEmail

auth.resendEmail

In the url in the email, they are always contain code and token_hash value and not one in the Email configuration. Like

{{ .ConfirmationURL }}?code=694bbb26-8514-4954-8050-113a56b3d53a&token_hash=pkce_231caed315d266012cabccd638753a692b0fc1a3b4c0c3ce31bceb46

And not

{{ .ConfirmationURL }}/?token_hash={{ .TokenHash }}&email={{ .Email }}

So to handle the Reset Password and Sign Up flow, we will specify the redirectUrl and based on redirectUrl to handle with deeplinking. And call:

Copy code

supabaseAuth.verifyEmailOtp(
    type = OtpType.Email.EMAIL,
    tokenHash = tokenHash
)

In Reset Password , later I just update user with

Copy code

auth.updateUser {
   password = "secretPassword"
}

Is that correct? I use this for my sign up. Now I am implementing Reset Password flow and was confused if I need to use the

code

token_hash

or both for verification

Jan

07/11/2025, 11:47 AM

does the

code

even work?

Hieu Vu

07/11/2025, 4:21 PM

No Jan. Seems that is not the right flow. I can handle Reset password flow now without that verify method. Basically we need to use the code to call exchangeCodeForSession, and then call updateUser. Without the exchange, updateUser will return the error saying that the request require bearerToken

Hieu Vu

07/11/2025, 4:22 PM

I am writing an article on how to handle the flow. I’ll share soon.

5 Views

Open in Slack

Previous Next

kotlinlang

A modern programming language that makes developers happier.