Supabase•10mo ago•

3 replies

How to properly verify OTP for `reauthentication` to update password in Supabase?

auth🟡javascript

Hi! I'm trying to update the user's password using

supabase.auth.updateUser({ password })

supabase.auth.updateUser({ password })

, but I correctly get the

reauthentication_needed

reauthentication_needed

error. I'm triggering

supabase.auth.reauthenticate()

supabase.auth.reauthenticate()

which sends the 6-digit OTP via email as expected.

However, I'm unsure how to verify the OTP correctly afterward. I've tried this:

await supabase.auth.verifyOtp({
  email,
  token, // the 6-digit code
  type: 'email' // also tried 'recovery' and 'magiclink'
});

await supabase.auth.verifyOtp({
  email,
  token, // the 6-digit code
  type: 'email' // also tried 'recovery' and 'magiclink'
});

But it always returns

otp_expired

otp_expired

invalid

invalid

, even immediately after receiving the code.

My questions:
1. What is the correct

type

type

for verifying the OTP after

reauthenticate()

reauthenticate()

?
2. Is there a special flow or method required to complete the reauth and resume the

updateUser()

updateUser()

request?
3. Should I use

verifyOtp

verifyOtp

refreshSession

refreshSession

, or something else to confirm the reauthentication?

Any working example or documentation link would be super helpful. Thank you!