Transform anon users in normal users, how to do that? The docs are lacking
I have been trying to build a simple poker game with sveltekit and supabase, I sign in every visitor as anonymous when the first visit the site, an anon user can have friends and is necessary to be recognized by the poker table game backend.
When I want to transform the anon users in a normal user, the documentation recommends to update the email first, verify it and only after change the password.
https://supabase.com/docs/guides/auth/auth-anonymous
But how can this be done if the email confirmation method is a link, I would not be able to pass the password in the verification link provided by supabase? Wouldn’t it be better if I signUp a completely new user and after it is verified I link the anon user to it?
Creating a new email user and then linking the anon user to it seems like a simpler approach and I was wondering why hasn’t been added to the docs?
Does this method have any problem I am not aware of?
Anonymous Sign-Ins | Supabase Docs
Create and use anonymous users to authenticate with Supabase
4 Replies
I didn't think about splitting them, but that's probably more secure.
I'd do the update of the email but set your "change email" email template to send an OTP instead of a link.
Then, on the same page that they entered their email on, have a popup or whatever asking for the OTP and their new password.
I am saying this because with the method provided by the docs if someone wants to use confirmation links, it cannot register the user from a device and confirm it from another.
So do you think that is a viable option to split anon users and standard users? Should I put it in production? Are there any problems I am not aware of?
I meant spllit the updates - email and password. My demo app updates them at the same time, but I now understand why we should update the email first, then, only after some kind of verification, update the password.
Have you tried submitting both at the same time? I did talk to someone from the Supabase Auth team about this in the past and they said they were going to work on provision of having the user set the email and password at the same time instead of just email first. Try and let me know if it work.
Yeah here is the PR that fixed this issue, maybe the docs just need updating https://github.com/supabase/auth/pull/1739. I did test this at the time it was implemented and it worked as the PR states.