Hi <@498057949541826571> , I am trying to update ...
# general
a
Hi @rp_st, I am trying to update the user's email and phone number, and am able to succeed when the user has logged in via passwordless. But if the user has logged in via thirdParty such as google/apple/facebook and then I go to update their email, I am not able to do so. What can be done to achieve this? Below is my code that I am using in order to update the email/phoneNumber.
```typescript
async validateUserCode(userCode: VerifyCodeDto, res: any, id: RecipeUserId) {
  const verified = await consumeCode({
    preAuthSessionId: userCode.preAuthSessionId,
    deviceId: userCode.deviceId,
    tenantId: TENANT_PUBLIC,
    userInputCode: userCode.userInputCode,
  });
  if (verified.status == RESPONSE_STATUS.OK) {
    await deleteUser(verified.user.id, true);
    if (verified.user.emails.length > 0) {
      const update = await updatePasswordlessUser({
        recipeUserId: id,
        email: verified.user.emails[0],
      });
      const tokenRes = await EmailVerification.createEmailVerificationToken(
        TENANT_PUBLIC,
        id,
      );
      if (tokenRes.status === RESPONSE_STATUS.OK) {
        await EmailVerification.verifyEmailUsingToken(
          TENANT_PUBLIC,
          tokenRes.token,
        );
      }
      res.status(HttpStatus.OK).send(update);
    } else if (verified.user.phoneNumbers.length > 0) {
      const update = await updatePasswordlessUser({
        recipeUserId: id,
        phoneNumber: verified.user.phoneNumbers[0],
      });
      res.status(HttpStatus.OK).send(update);
    }
    return;
  }
  res.status(HttpStatus.UNAUTHORIZED).send(verified);
  return;
}
```
r
hey @anurag06557
I don't recommend that you update the social login email, because when they log in again, the email in SuperTokens will be reset to what the provider provides. So just don't allow users who have a third party account to update emails.
a
When they log in again and no account contains the given email address, then a new user should be created instead, right?
r
Well, no. The identification we have is based on the social login user ID, not the social login email.
a
OK.
Then do we need to remove those IDs too?
Also, when any 401 unauthorised error occurs, it automatically calls the refresh function/API, and it goes into a loop and doesn't end. Can we restrict this behaviour?
r
> then do we need to remove those ids too?
Well, in that case it's as good as deleting the user.
> also when any 401 , unauthorised error occurs , then it is automatically calling the refresh function/api, and it goes into loop and doesn't ends. can we restrict this behaviour
Does the refresh give a 200?
a
Yes, it does give 200, but again it checks for the previous API, gets unauthorised, and again refresh is called.
r
Are you sending 401 yourself somewhere? Or is our session verification middleware sending the 401?
a
Your middleware is sending the 401.
r
Can you enable backend debug logs and show the output when the middleware is called? Also, show me the request headers of the API as seen in Chrome.