Verifying users created in Supabase before they themselves sign up
Hi all, I have a use case where existing, registered & verified users create contacts. Each contact has an email address, and, obviously, I want to convert the contacts into verified users. So, when a user creates a contact and gives me an email address, I actually create a new Supabase user (via `createUser`) & app user record for that contact by email address, unless they already exist, and then the creating user's contact record simply references the contact's app user record by id (which is the same as the Supabase auth user id). Later, by virtue of messages sent by the user to the contact, the contact comes back to the site to view a message in response to an email I send them. Problem is, I'm not sure how best to verify the user of the contact that is visiting the site for the first time. By the time some user's contact visits the site, they already have a Supabase user & app user record, so this is different than the normal sign up flow. My first issue is how to know whether the user has ever visited the site. I'm planning on storing a property on either the Supabase user `user_metadata` object or the app user record that indicates whether they've visited the site. Really, what I care about is not whether they've visited the site ever, but whether they've verified their email. So, if I determine that the incoming contact has not yet verified their email, I want to either send an email verification email if one hasn't been sent yet, or offer to resend the verification email. In either case, what's the best way to detect whether the user has verified their email, and if they haven't, how to cause Supabase to send/resend the verification email? The kicker in all of this is that I want to do all of this activity server-side.
The reason for doing this server-side, by the way, is so they can just click the "view my messages" link I send to them via email, wherein I do all of the verification detection server-side, then either redirect them to the "verify your email to see your messages" page if they're unverified, or to the "set a password" page if they haven't set a password yet, or to the actual page that shows their messages if they're verified and have set a password. How would y'all implement the logic to detect whether their email has been validated, to send/resend a verification email, and to detect whether they've set a password yet? It seems like some of the Supabase APIs don't work the same from the server-side than they do the client-side (`resend`, etc).