Supabase · 12mo ago
jace10

Handling Password Reset

Hello,

I am trying to figure out if something changed here, as I'm pretty sure this used to work. On my project, I allow users of my application to ask for a password reset if they provide a valid email. This password reset calls this code:

supabase.auth.resetPasswordForEmail(email = email,
                                    redirectUrl = "REDACTED_URL/resetPassword?")


My reset password email config looks like:

<h2>Reset Password</h2>

<p>Follow this link to reset your password:</p>
<p><a href="{{ .SiteURL }}/resetPassword?confirmation_url={{ .ConfirmationURL }}">Reset Password</a></p>


This correctly results in the user being sent an email with the link to reset password taking them to my webpage. On that webpage, I have a button, and if they click the button, it navigates to the confirmation url, which looks like this:

https://redacted.supabase.co/auth/v1/verify?token=redacted&type=recovery&redirect_to=http://redacted.com/resetPassword?


If I click on the button (or navigate to it directly), it seems to correctly redirect to my provided redirect, with the following in the url:

https://www.redacted.com/resetPassword#access_token=TOKEN&expires_at=1736997049&expires_in=3600&refresh_token=REFRESH&token_type=bearer&type=recovery


Two things that puzzle me.

1) When I check for a session with
const {data, error} = await supabase.auth.getSession()


Session is still null, with no error. I thought when I first implemented this that the session was populated. Is that not what visiting the provided confirmation URL is meant to do?

2) I am not sure why the ? I include in my URL is getting wiped out, which then makes it harder to try and access the access token to authenticate the user manually after the fact.

Any insight appreciated, or please let me know if I am misunderstanding how this flow is supposed to work.

Thanks!
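
The redirect shown in the post carries the tokens in the URL fragment (after `#`), not in the query string. The following is an added example, not part of the original post: a sketch that reads and validates that fragment before the tokens are handed to `supabase.auth.setSession`. The helper name `parseRecoveryFragment`, the sample URL and the error-parameter shape are assumptions.

```javascript
// Added example: parse the recovery redirect's URL fragment.
// parseRecoveryFragment is a hypothetical helper, not a Supabase API.
function parseRecoveryFragment(href, nowSeconds = Math.floor(Date.now() / 1000)) {
  const url = new URL(href);
  // Tokens arrive after '#', so url.searchParams never sees them.
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));

  // Assumption: a failed verification reports `error` / `error_description` here.
  if (params.has("error")) {
    throw new Error(`recovery failed: ${params.get("error_description") || params.get("error")}`);
  }
  if (params.get("type") !== "recovery") {
    throw new Error("fragment is not a recovery redirect");
  }
  const accessToken = params.get("access_token");
  const refreshToken = params.get("refresh_token");
  if (!accessToken || !refreshToken) {
    throw new Error("missing access_token or refresh_token");
  }
  // A missing expires_at becomes 0 and is rejected as expired.
  const expiresAt = Number(params.get("expires_at"));
  if (!Number.isFinite(expiresAt) || expiresAt <= nowSeconds) {
    throw new Error("recovery token has expired");
  }
  // URL without the fragment, for history.replaceState, so the tokens
  // do not linger in the address bar or browser history.
  const cleanUrl = url.origin + url.pathname + url.search;
  return { accessToken, refreshToken, expiresAt, cleanUrl };
}

// Constructed sample input modelled on the redirect in the post.
const SAMPLE = "https://www.example.com/resetPassword#access_token=TOKEN" +
  "&expires_at=1736997049&expires_in=3600&refresh_token=REFRESH" +
  "&token_type=bearer&type=recovery";

// Browser usage (supabase is an already-created supabase-js client):
//   const t = parseRecoveryFragment(window.location.href);
//   history.replaceState(null, "", t.cleanUrl);
//   await supabase.auth.setSession({ access_token: t.accessToken, refresh_token: t.refreshToken });
```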