supabase-flutter

signInWithOtp does not return OTP type, making it unclear whether to use sign-up confirmation or magic link flow

Open bennajah0 opened this issue 1 year ago • 2 comments

Describe the bug

The signInWithOtp method does not return any indication of which OTP type (sign-up confirmation or magic link) was sent. This makes it unclear which flow to follow in the verifyOtp method, as the OTP type depends on whether the user's email is verified.

To Reproduce

Steps to reproduce the behavior:

  1. Call signInWithOtp with an email that may or may not be verified.
  2. Observe that the method returns null, with no indication of whether a sign-up confirmation or a magic link email was sent.

Expected behavior

I expect signInWithOtp to return an indicator of the OTP type (e.g., the email is verified, sign-up confirmation or magic link) so that I can handle the appropriate verification flow in the verifyOtp method.


Version

supabase_flutter 2.8.0
supabase 2.5.0
functions_client 2.4.0
gotrue 2.10.0
postgrest 2.3.0
realtime_client 2.4.0
storage_client 2.2.0

Additional context

This enhancement would allow developers to handle OTP verification flows more accurately by knowing which type of OTP was sent.

bennajah0, Nov 04 '24 20:11

The SignInWithOtp method can be used for both sign-in and sign-up, while verifyOtp handles the OTP verification for SignInWithOtp.

This approach supports different OtpType values:

OtpType.signup: for cases where the email does not exist or is unverified.

OtpType.magiclink: for cases where the email is already verified.

Because of this, it’s not always clear if SignInWithOtp is being used for sign-in or sign-up.

ghost, Nov 06 '24 10:11

> The SignInWithOtp method can be used for both sign-in and sign-up, while verifyOtp handles the OTP verification for SignInWithOtp.
>
> This approach supports different OtpType values:
>
> OtpType.signup: for cases where the email does not exist or is unverified.
>
> OtpType.magiclink: for cases where the email is already verified.
>
> Because of this, it’s not always clear if SignInWithOtp is being used for sign-in or sign-up.

Suppose there is a single email field for handling SignInWithOTP for both verified and non-verified emails.

When calling verifyOTP, the OtpType should be passed based on whether the user's email is verified or not. The issue is that the initial SignInWithOTP method does not provide a clear response indicating whether the user exists or if their email is unverified.

bennajah, Mar 06 '25 20:03
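
Added example, not part of the thread and not the project's own code: one way to handle the single-email-field case described above without the client knowing which OTP type was sent. It assumes the installed gotrue package defines `OtpType.email` and that the auth server accepts it for both sign-up confirmation and magic link codes; the helper names `requestEmailCode` and `confirmEmailCode` are hypothetical.

```dart
import 'package:supabase_flutter/supabase_flutter.dart';

/// Sends the email code. The call completes with no value in every case,
/// so the caller learns nothing about whether the address already belongs
/// to a verified account.
Future<void> requestEmailCode(GoTrueClient auth, String email) {
  return auth.signInWithOtp(email: email.trim());
}

/// Verifies the code without choosing between OtpType.signup and
/// OtpType.magiclink on the client.
///
/// Assumption: OtpType.email exists in the installed gotrue version and the
/// server matches it against both the sign-up and the magic link code.
Future<Session?> confirmEmailCode(
  GoTrueClient auth,
  String email,
  String code,
) async {
  try {
    final AuthResponse res = await auth.verifyOTP(
      email: email.trim(),
      token: code.trim(),
      type: OtpType.email,
    );
    return res.session;
  } on AuthException {
    // Wrong or expired code. The result is the same for every account
    // state, so the UI can show one generic "invalid or expired code"
    // message instead of revealing whether the email was registered.
    return null;
  }
}
```

Both helpers take the client's auth object, for example `Supabase.instance.client.auth`, after the app has initialized Supabase.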