-
-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
supabase.auth.admin.generateLink() don't work with PKCE flow #767
Comments
There's an increasing amount of people bringing this up. I'm fairly sure this isn't supported right now; although #722 claims to fix it. Related: supabase/auth-helpers#610 |
hey @tobiassern, note, the code verifier is meant to prevent replay attacks, which is why it has to be created when the authentication request starts and sent when the verification request is made (ensures that the person verifying is the same person who requested for the auth). we are aware that this is a problem if you are using the auth-helpers and we're working on a separate solution to fix it |
have you tried the solution proposed by @kamerat ? |
Bug report
Describe the bug
When using the PKCE flow and generating a link with supabase.auth.admin.generateLink() it doesn't not generate a link that supports the PKCE flow as the code is missing in the url.searchParams when hitting the callback url
It works as expected when using supabase.auth.signInWithPassword() and letting supabase send the e-mail
To Reproduce
Code
Output in console log
In the callback route I try to get the code searchParams but it is null.
Expected behavior
When using generateLink with the pkce flow I expect that when the user is redirected to the callback route, the code searchParam is included.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: