NextJS: How do I set password for a user that was invited by email
Hi, everyone.
I'm running a Next App with app router, and it will only allow users that has been invited by email - no signups. I've managed to create a route that actually reads the hash_token and type. I then also redirect the user to a (server side)
set-password page, where I have a (client) form component. So far, so good.
Now, I need to somehow let the user set a password. I1m not sure how to do this. I would like to do this on the server (server component + action, if possible.
In the docs I can find two different methods; updateUser and under "Auth Admin" the updateUserById.
Could anyone explain to me the best way of doing this?
Also, what is the best practice in a situation like this? As far as I understand, and can see in my Supabase Dashboard, the invited user is "signed in" at the moment he is at the "Set password" page. I should probably hide the navbar at this point, so that he has to set his password?4 Replies
You should use the updateUser method. As for the other question I just set a cookie stating that password hasn’t been set and use that to redirect them to the set password page and as a guard so they cannot go to any other pages.
awesome @silentworks . Do you set the cookie in the handler route, if I may ask? And, do you let the middleware redirect the user back to the set-password page, in that case?
Yeah this is how I handle it.
You can see an example here https://github.com/silentworks/supabase-by-example/blob/main/nextjs/lib/supabase/middleware.ts#L64-L69
I assume you are using Next.js
And this is where I set the cookie https://github.com/silentworks/supabase-by-example/blob/main/nextjs/app/auth/confirm/route.ts#L19-L21
Do note that the cookie method is relying on the user clicking the link in the email and continuing on the same device. You could also store this state in the database in a table, but I think a cookie is effective enough for my case.
Thanks @silentworks 🙏 I'll try this 🙂