Comments (9)
Another question - if someone has logged in with email and password, should we also allow them to trigger a "Magic link" email, then login without their password?
I'd say yes, we can assume a user's email to be a secure channel, seeing that reset password uses the same channel.
from gotrue.
will depend on changes to the recovery flow #18
from gotrue.
from gotrue.
from gotrue.
finishing the spec for this
assumptions:
- we add some method to gotrue-js sendMagicLink(email)
outstanding questions:
-
what should happen if the user does not yet exist?
- error message
- create the user and then send them a magic link afterwards
- add this as an option sendMagicLink(email, { createUserIfNotExists : true })
-
do we need a new email template for magic links, or should we have people use the
recovery
email template? (My thinking here is that we can implement this without changing gotrue API too much)- one thing that Thor pointed out is that some people may want to have both magic link and password recovery email templates (although the way they work is pretty much the same)
preference @kiwicopple @thorwebdev ?
from gotrue.
what should happen if the user does not yet exist?
As a developer you'd expect the user to be created, if they don't exists already. Throwing an error doesn't make sense, and neither does a createUserIfNotExists
, since I can't think of a situation where you don't want to create a user? (Magic links are a form of sign up)
one thing that Thor pointed out is that some people may want to have both magic link and password recovery email templates (although the way they work is pretty much the same)
I agree here, it would be more similar to a sign up email. Can we use the signup email template, and only trigger it if a new user is created?
from gotrue.
Can we use the signup email template, and only trigger it if a new user is created?
But what email do we then send when the user already exists and just wants to log in? I do think this needs to be a separate route and a separate template, and ideally would be merged back into netlify's gotrue as I think it's a useful feature. Wdyt?
from gotrue.
what email do we then send when the user already exists and just wants to log in?
True. So the route would have to :
- check if the user exists
- if not exists
- create user
- send an email with login link
- if exists
- send an email with login link
- if not exists
The login link email and the password recovery email will be quite different so I think you're right about requiring a GoTrue modification.
Another question - if someone has logged in with email and password, should we also allow them to trigger a "Magic link" email, then login without their password?
from gotrue.
🎉 This issue has been resolved in version 1.3.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
from gotrue.
Related Issues (20)
- Apple Native Sign In : { "__isAuthError": true, "name": "AuthApiError", "status": 400 } HOT 2
- Event indicating that the confirmation of `updateUser` was successful HOT 3
- AuthApiError: Error invoking access token hook with custom claim HOT 8
- auth.sms.test_otp w/ international numbers HOT 4
- `@supabase/ssr` should include `@types/cookie` as a (non-dev) dependency HOT 3
- Bad migration crashing server HOT 4
- Handle multiple originators for MessageBird phone auth HOT 2
- Should the `admin` create user handler of Auth create identities based on the provider under the hood? HOT 3
- updateUser vs admin.updateUserById behavior with Anonymous Users HOT 2
- Updating a user's password kills their session HOT 7
- Information about Contributing Regional SMS Provider (via Send SMS HTTP Hook) HOT 3
- Supabase Auth latest gotrue migration impossible to resync using Prisma migrate HOT 3
- AuthException(message: FormatException: Unexpected end of input (at character 1) HOT 3
- Anonymous account does not have permission on schema "public" despite having valid JWT with "authenticated" role HOT 2
- Supabase should be sending X-Supabase-API-Version in Access-Control-Allow-Headers HTTP header
- REST API documentation consistency improvements HOT 3
- Changing Apple bundle ID causes duplicate users HOT 1
- Raising an exception on postgress via triggers doesn't send the message to the API response HOT 1
- Flow State Not Found HOT 4
- raw_app_meta_data not updated when setting password for 3rd-party authenticated users
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gotrue.