Hi there, I’ve got a question around recipe user id usage for email verification please as I’m not s...

david_61794

10/31/2023, 3:27 PM

Hi there, I’ve got a question around recipe user id usage for email verification please as I’m not sure if there is a bug in

getUser

or I just don’t understand how user id mapping is supposed to work between recipe user ids and external ids. Currently we’re mapping our users to an external id with

createUserIdMapping

after signing them up. We then verify their emails using the external id as it’s the id returned by calling

getUser

. Once the email is verified, a row is added to

emailverification_verified_emails

with the external user id as the

user_id

in the database. This works well as the email verification claim

st-ev

true

in the access token jwt and if I call

isEmailVerified

with the external user id converted to a recipe user id then it returns true. The problem seems to be with

getUser

as it returns a list of

loginMethods

but the

verified

flag is false even though

isEmailVerified

returns true if I check using the same

recipeUserId

and email returned in the login method. The email verification claim for this user is

true

in the access token too. However if I change the logic to verify the email based on the supertokens user id instead, then

getUser

will return the login method

verified

as true but the email verification claim

st-ev

is false. I may be misunderstanding how the different ids are supposed to be used but it seems like

getUser

may be returning the verification status of the email login method incorrectly please?

rp_st

10/31/2023, 3:32 PM

Hey @david_61794

rp_st

10/31/2023, 3:32 PM

So if I understand correctly, with the external user Id being used, everything works fine, except that the loginMethods returns that the email is not verified?

rp_st

10/31/2023, 3:35 PM

if yes, then this is indeed a bug in the core. We will fix it tomorrow / day after and release a new version.

david_61794

10/31/2023, 3:39 PM

Yes precisely. That seems to be what is happening. Thank you very much @rp_st 🙏

rp_st

10/31/2023, 3:40 PM

@sattvikc can also help here.

rp_st

10/31/2023, 3:44 PM

> We then verify their emails using the external id as it’s the id returned by calling getUser. I think the actual issue is this @david_61794 When calling the verify user function, you need to pass in the recipeUserId - how are you verifying the user?

rp_st

10/31/2023, 3:49 PM

@david_61794

rp_st

10/31/2023, 3:56 PM

also, do you have multiple loginMethods for the user or just one?

david_61794

10/31/2023, 4:06 PM

Just a single login method. We're currently calling the

sendEmailVerificationEmail

with the external id as the user id and recipe user id which is probably where the issue is coming from then as you say. I believe when upgrading to the most recent version os Supertokens, we were having issues with sending the emails after passing in the recipe user id from the signup call so just went with using the external id as it appeared to be working.

david_61794

10/31/2023, 4:08 PM

So for calls to

sendEmailVerificationEmail

should we just be using the supertokens user id (instead of external id) and the recipe user id from the signup call then?

rp_st

10/31/2023, 4:25 PM

so the recipeUserId is the value that determines for which userId the email verification token is going to be generated

rp_st

10/31/2023, 4:26 PM

can i see how you are calling this function?

david_61794

10/31/2023, 4:34 PM

Sure thing, in our function override for

emailPasswordSignup

we've got:

Copy code

const response =
  await originalImplementation.emailPasswordSignUp(input);

await supertokens.createUserIdMapping({
  superTokensUserId: response.user.id,
  externalUserId: input.userContext.externalUserId,
});

const updatedUser = await supertokens.getUser(
  input.userContext.externalUserId,
);

// With the mapping update, the id and login methods have changed so update the response so that the session creation after this succeeds
response.user = updatedUser;
response.recipeUserId = supertokens.convertToRecipeUserId(
  input.userContext.externalUserId,
);

await EmailVerification.sendEmailVerificationEmail(
  "public",
  response.user.id,
  response.recipeUserId,
);

rp_st

10/31/2023, 4:40 PM

is the value of

updatedUser.loginMethods[0].recipeUserId

the external user ID as well? Or a UUID that we generate?

david_61794

10/31/2023, 4:51 PM

It's the same as the external user ID

rp_st

10/31/2023, 4:51 PM

right yea! Okay. So this is an issue with the core.

rp_st

10/31/2023, 4:51 PM

We will fix it and release a new version

rp_st

10/31/2023, 4:51 PM

if you can open a GH issue about it, that would be great

david_61794

10/31/2023, 4:53 PM

Thanks very much will do. I guess the expected behaviour is that the recipe user ID will always be the UUID that supertokens generates and the

user.id

will either be the external mapped id or the supertokens generated id if there is no mapped id?

rp_st

10/31/2023, 4:55 PM

no.. the recipeUserId being the external one is fine. The bug is that the email verification query that filles in the loginMethod's verified field doesn't take into account the external user id mapping!

david_61794

10/31/2023, 4:56 PM

Ah okay, thanks for clarifying 🙏 Raising the issue on

sueprtokens-core

now

rp_st

10/31/2023, 4:57 PM

perfect! thanks

rp_st

11/01/2023, 1:45 PM

@david_61794 this should be fixed now. If using our managed service, it should be fixed for you now. If you are using self hosted, please repull the image with tag

7.0

. If the error persists, lmk

41 Views

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).