Resend email confirmation redirects with malformed URL parameters

I'm using supabase-js. When user clicks on an expired email verification URL it gets redirected to my site with a URL param

error_code=otp_expired

error_code=otp_expired

(e.g.

mysite.com/email-confirmed?error_code=otp_expired&<other params>

mysite.com/email-confirmed?error_code=otp_expired&<other params>

. I can detect that and allow user to resend the verification email using

supabase.auth.resend

supabase.auth.resend

function. How ever when that OTP expires supabase backend redirects me to the correct endpoint but with incorrect URL params (rather malformed URL). The URL looks like

mysite.com/email-confirmed#error_code=otp_expired&<other params>

mysite.com/email-confirmed#error_code=otp_expired&<other params>

. Yes there's a hash instead of a question mark. Got any idea why's that happening?

Simplified code example

await supabase.auth.signUp({
  email: 'me@example.dev',
  password: 'passwd',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})

// wait for OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed?error_code=otp-expired&<more params>
// let's resend the verification email

await supabase.auth.resend({
  email: 'me@example.dev',
  type: 'signup',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})
// wait for the second OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed#error_code=otp-expired&<more params>
//                                                       see the hash ^

await supabase.auth.signUp({
  email: 'me@example.dev',
  password: 'passwd',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})

// wait for OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed?error_code=otp-expired&<more params>
// let's resend the verification email

await supabase.auth.resend({
  email: 'me@example.dev',
  type: 'signup',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})
// wait for the second OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed#error_code=otp-expired&<more params>
//                                                       see the hash ^

Resend email confirmation redirects with malformed URL parameters

I'm using supabase-js. When user clicks on an expired email verification URL it gets redirected to my site with a URL param

error_code=otp_expired

error_code=otp_expired

(e.g.

mysite.com/email-confirmed?error_code=otp_expired&<other params>

mysite.com/email-confirmed?error_code=otp_expired&<other params>

. I can detect that and allow user to resend the verification email using

supabase.auth.resend

supabase.auth.resend

function. How ever when that OTP expires supabase backend redirects me to the correct endpoint but with incorrect URL params (rather malformed URL). The URL looks like

mysite.com/email-confirmed#error_code=otp_expired&<other params>

mysite.com/email-confirmed#error_code=otp_expired&<other params>

. Yes there's a hash instead of a question mark. Got any idea why's that happening?

Simplified code example

await supabase.auth.signUp({
  email: 'me@example.dev',
  password: 'passwd',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})

// wait for OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed?error_code=otp-expired&<more params>
// let's resend the verification email

await supabase.auth.resend({
  email: 'me@example.dev',
  type: 'signup',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})
// wait for the second OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed#error_code=otp-expired&<more params>
//                                                       see the hash ^

await supabase.auth.signUp({
  email: 'me@example.dev',
  password: 'passwd',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})

// wait for OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed?error_code=otp-expired&<more params>
// let's resend the verification email

await supabase.auth.resend({
  email: 'me@example.dev',
  type: 'signup',
  options: {
    emailRedirectTo: 'mysite.com/email-confirmed'
  }
})
// wait for the second OTP to expire
// click on the email link -> redirected to mysite.com/email-confirmed#error_code=otp-expired&<more params>
//                                                       see the hash ^

Resend email confirmation redirects with malformed URL parameters

Similar Threads

Resend email confirmation redirects with malformed URL parameters

Similar Threads

Similar Threads

Similar Threads