-
Notifications
You must be signed in to change notification settings - Fork 383
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updateUser vs admin.updateUserById behavior with Anonymous Users #1578
Comments
Also running into this trying to transition from Firebase auth to Supabase auth. We always create anonymous accounts for new users then later let them link with social auth or enter an email and password without email verification. Currently with supabase auth it seems like it's impossible to set a password for an anonymous account without email verification. IMO this is a bug. If email verification is disabled in the project it should not be required to verify email to link email/password credentials to an anonymous account. This may be a blocker to us releasing our transition to Supabase auth. @hf @kangmingtay any thoughts on this? The current behavior makes it impossible to link an email/password to an anonymous account without email verification. That came as a big surprise given that there's a setting to disable email verification. |
hi @r-southworth and @evelant, thanks for raising this issue! i've just made a PR to fix this partially (at least for the admin update user endpoint - it should be updating the is_anonymous field to false if
This seems like a separate issue which i'll look into fixing next week |
## What kind of change does this PR introduce? * Fixes supabase#1578
## What kind of change does this PR introduce? * Fixes supabase#1578
## What kind of change does this PR introduce? * Fixes supabase#1578
Bug report
Describe the bug
There is no way to convert an anonymous user to a permanent user without sending a confirmation email. updateUser and admin.updateUserById have inconsistent behavior
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
I would expect
called from the server to convert a user from anonymous to email with no need for a confirmation email.
Currently that call adds the email address AND confirms the user but leaves them as provider = anonymous which makes it impossible to set a password for the user.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
The only documented way to change the user from anonymous that I am aware of is listed here: https://supabase.com/docs/guides/auth/auth-anonymous
It seems to require email confirmations.
Regardless of the local setting for
auth.email.enable_confirmations
using thesupabase.auth.updateUser
sends the standard email confirmation to the user.If I have anonymous users I might want to store their information for future reference (ecommerce guest checkout with downloadable products) but since they did not choose to make an account I shouldn't be emailing them about an account AND there is no way to send them a different email than the standard confirmation email. The typical way around sending a confirmation email without turning off email confirmation is to do server side
supabase.auth.admin.updateUserById
however in this case it doesn't convert the user provider from Anonymous and there doesn't seem to be any documentation on how to change that in any other way.More details can be found here: https://discord.com/channels/839993398554656828/1237139614486233119
The text was updated successfully, but these errors were encountered: