Users unable to reset their password via Supabase Auth
Hi, I’m an admin and I set up accounts for new users using email + password without requiring emails to be confirmed. I am unable to sign in using said passwords, so then I tried to ask my users to go through the forgot password flow. They receive the forgot password email but after clicking on the link they see the error message: “Invalid or expired reset token” I am unable to repro their issue as an admin and also unable to sign in with the original passwords they had set so I am completely blocked unable to onboard the users. Please help as this is super urgent!!!
5 Replies
Invalid or expired tokenIt could be happening because of email prefetching https://supabase.com/docs/guides/auth/auth-email-templates#email-prefetching You also have to option to change the user's password using admin api https://supabase.com/docs/reference/javascript/auth-admin-updateuserbyid
When you created the account did you set the email to confirmed already? If not the user won’t be able to sign in if you have email confirmation turned on in your Supabase project itself.
when I created the account, I had the setting "Allow anonymous sign-ins"
I also had turned off the Confirm email setting under Auth, i.e. no need for "Users will need to confirm their email address before signing in for the first time"
Can you also explain why the original passwords I set for the user during signup cannot be used to log in-- I'm getting the error "Invalid login credentials"? That's the crux of the issue here
Anonymous signins is something you enable when you want to allow users to authenticate without any email/phone/oauth. And later user can link an auth method to this anonymous account.
How are you creating these users ?
Also if you can see the network tab make sure the password and email are being sent in the body of the request.