auth.verifyOtp always failed with invalid or expired token using supabasejs
Hi,
Until yesterday, admin.generateLink was giving me both access_token and refresh_token. But all of a sudden now, its returning only token in the action url. I have tried to verifying the same token using auth.verifyOTP and that fails every time with otp_expired error. I have custom otp email generating flow and validation. Below is the flow. attached a file with my code snippet and sample logs for the same. I am using "@supabase/supabase-js": "^2.45.3", in my NestJS api project. In the snippet code, "client" is created by service role key and "publicClient" is created by anon key of my supabase project. Can anyone please help in resolveing this issue. Thanks in advance. Let me know if you need more details.
Flow:
1. I generate otp to user's email by custom logic.
2. users submit otp and validation hits.
3. once otp is valid, try to create supabase session using generateLink recovery type.
const { data: linkResult, error: linkErr } = await client.auth.admin.generateLink({
type: 'recovery',
email: normEmail,
options: { redirectTo: undefined },
});
const verifyType = (linkType === 'recovery' linkType === 'invite' || linkType === 'signup') ? (linkType as any) : 'recovery';
const verifyOtpReq: any = { email: normEmail, token: recoveryToken, type: verifyType };
console.log('verifyOtp Request:', JSON.stringify(verifyOtpReq));
const { data: verified, error: verifyErr } = await publicClient.auth.verifyOtp(verifyOtpReq);
Until yesterday, admin.generateLink was giving me both access_token and refresh_token. But all of a sudden now, its returning only token in the action url. I have tried to verifying the same token using auth.verifyOTP and that fails every time with otp_expired error. I have custom otp email generating flow and validation. Below is the flow. attached a file with my code snippet and sample logs for the same. I am using "@supabase/supabase-js": "^2.45.3", in my NestJS api project. In the snippet code, "client" is created by service role key and "publicClient" is created by anon key of my supabase project. Can anyone please help in resolveing this issue. Thanks in advance. Let me know if you need more details.
Flow:
1. I generate otp to user's email by custom logic.
2. users submit otp and validation hits.
3. once otp is valid, try to create supabase session using generateLink recovery type.
const { data: linkResult, error: linkErr } = await client.auth.admin.generateLink({
type: 'recovery',
email: normEmail,
options: { redirectTo: undefined },
});
const verifyType = (linkType === 'recovery' linkType === 'invite' || linkType === 'signup') ? (linkType as any) : 'recovery';
const verifyOtpReq: any = { email: normEmail, token: recoveryToken, type: verifyType };
console.log('verifyOtp Request:', JSON.stringify(verifyOtpReq));
const { data: verified, error: verifyErr } = await publicClient.auth.verifyOtp(verifyOtpReq);
otp_failure_code.txt5.32KB
