Setup password reset

auth

Hello I need help with setting up the password reset. I made a simple form where you put in your email and supabase sends the password reset link it works all fine until it comes to the link. when i click it, it always shows up this in the url:
http://localhost:3000/password-reset#error=access_denied&error_code=otp_expired&error_description=Email+link+is+invalid+or+has+expired

And i have no idea why. My password reset is http://localhost:3000/password-reset.html and i also added this redirect url . I dont know how to fix that

if (hash && (hash.includes('access_token') || hash.includes('error='))) {
      console.log('🔄 OAuth Callback erkannt → Weiterleitung zu /password-reset.html');
      return Response.redirect(`${url.origin}/password-reset.html${hash}`, 302);
    }

    if (pathname === '/auth/reset-password' && request.method === 'POST') {
      try {
        const { email } = await request.json();

        if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
          return new Response(JSON.stringify({ error: 'Invalid email address' }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        const { error } = await supabase.auth.resetPasswordForEmail(email, {
          redirectTo: 'http://localhost:3000/password-reset.html'
        });

        if (error) {
          console.error('Reset error:', error);
          return new Response(JSON.stringify({ error: error.message }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        return new Response(JSON.stringify({ message: 'Password reset email sent' }), {
          status: 200,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });

      } catch (error) {
        console.error('Reset error:', error);
        return new Response(JSON.stringify({ error: 'Failed to send reset email' }), {
          status: 500,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });
      }
    }

if (hash && (hash.includes('access_token') || hash.includes('error='))) {
      console.log('🔄 OAuth Callback erkannt → Weiterleitung zu /password-reset.html');
      return Response.redirect(`${url.origin}/password-reset.html${hash}`, 302);
    }

    if (pathname === '/auth/reset-password' && request.method === 'POST') {
      try {
        const { email } = await request.json();

        if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
          return new Response(JSON.stringify({ error: 'Invalid email address' }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        const { error } = await supabase.auth.resetPasswordForEmail(email, {
          redirectTo: 'http://localhost:3000/password-reset.html'
        });

        if (error) {
          console.error('Reset error:', error);
          return new Response(JSON.stringify({ error: error.message }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        return new Response(JSON.stringify({ message: 'Password reset email sent' }), {
          status: 200,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });

      } catch (error) {
        console.error('Reset error:', error);
        return new Response(JSON.stringify({ error: 'Failed to send reset email' }), {
          status: 500,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });
      }
    }

it redirects correctly but the html always says

Reset Your Password
Error: Email link is invalid or has expired

Setup password reset

auth

if (hash && (hash.includes('access_token') || hash.includes('error='))) {
      console.log('🔄 OAuth Callback erkannt → Weiterleitung zu /password-reset.html');
      return Response.redirect(`${url.origin}/password-reset.html${hash}`, 302);
    }

    if (pathname === '/auth/reset-password' && request.method === 'POST') {
      try {
        const { email } = await request.json();

        if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
          return new Response(JSON.stringify({ error: 'Invalid email address' }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        const { error } = await supabase.auth.resetPasswordForEmail(email, {
          redirectTo: 'http://localhost:3000/password-reset.html'
        });

        if (error) {
          console.error('Reset error:', error);
          return new Response(JSON.stringify({ error: error.message }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        return new Response(JSON.stringify({ message: 'Password reset email sent' }), {
          status: 200,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });

      } catch (error) {
        console.error('Reset error:', error);
        return new Response(JSON.stringify({ error: 'Failed to send reset email' }), {
          status: 500,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });
      }
    }

if (hash && (hash.includes('access_token') || hash.includes('error='))) {
      console.log('🔄 OAuth Callback erkannt → Weiterleitung zu /password-reset.html');
      return Response.redirect(`${url.origin}/password-reset.html${hash}`, 302);
    }

    if (pathname === '/auth/reset-password' && request.method === 'POST') {
      try {
        const { email } = await request.json();

        if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
          return new Response(JSON.stringify({ error: 'Invalid email address' }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        const { error } = await supabase.auth.resetPasswordForEmail(email, {
          redirectTo: 'http://localhost:3000/password-reset.html'
        });

        if (error) {
          console.error('Reset error:', error);
          return new Response(JSON.stringify({ error: error.message }), {
            status: 400,
            headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
          });
        }

        return new Response(JSON.stringify({ message: 'Password reset email sent' }), {
          status: 200,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });

      } catch (error) {
        console.error('Reset error:', error);
        return new Response(JSON.stringify({ error: 'Failed to send reset email' }), {
          status: 500,
          headers: { 'Content-Type': 'application/json', ...CORS_HEADERS }
        });
      }
    }

it redirects correctly but the html always says

Reset Your Password
Error: Email link is invalid or has expired

Setup password reset

Setup password reset

Similar Threads

Similar Threads

Similar Threads