Hi, I'm trying to do email verification on thirdpa...
# support-questions
i
Hi, I'm trying to do email verification on thirdpartyemailpassword recipe, but it doesn’t work. However, I do everything like in example(with-thirdpartyemailpassword-passwordless) for reactjs.
r
Hey @IaS1506
Can I see your frontend and backend supertokens.init config?
i
frontend
r
hmm. And whats the error?
i
backend
problem is when you sign up with email and password, it redirect to verify-email endpoint
r
Is it possible for you to send the code in text form?
as opposed to images
i
yeah, ок
backend
frontend
and the end problem is that in supertokens example with api it shows form and send email
but with my variant it doesn't do anything
p. s. i use export of FDI Api on backend
j
Hey @IaS1506 we are taking a look, will get back to you
i
Ok, thank you
j
Hey @IaS1506 as mentioned in the example app you will need to override the
EmailVerificationSendVerifyEmail_Override
component on the frontend as seen here https://github.com/supertokens/supertokens-auth-react/blob/master/examples/with-emailverification-with-otp/src/App.tsx#L43
i
ok, thanks, i will try and then write you how it work
j
Alright, if there are any issues please let us know.
i
Another issue that i cant use my otpservice inside passwordless recipe initialization
it says that cannot acces to the private variable of supertokens service
j
Hey, could you show me in your code where you are having this issue
i
in constructor i define otpService
but in sendcustomemail i have not access to it by "this"
j
Its cause otpService is not part of SuperTokens, can you show me where you are defining otpService
i
and in auth module i defined imports
import { DynamicModule, MiddlewareConsumer, Module, NestModule } from '@nestjs/common'; import { AuthModuleConfig, ConfigInjectionToken } from './config.interface'; import { SupertokensAuthService } from './supertokens-auth-service/supertokens-auth.service'; import { SupertokensAuthMiddleware } from './supertokens-auth.middleware'; import { OtpService } from '../otp/otp.service'; @Module({ providers: [SupertokensAuthService, OtpService], exports: [], controllers: [] }) export class SupertokensAuthModule implements NestModule { configure(consumer: MiddlewareConsumer) { consumer.apply(SupertokensAuthMiddleware).forRoutes('*'); } static forRoot({ connectionURI, apiKey, appInfo }: AuthModuleConfig): DynamicModule { return { providers: [ { useValue: { appInfo, connectionURI, apiKey }, provide: ConfigInjectionToken } ], exports: [], imports: [OtpService], module: SupertokensAuthModule }; } }
r
can you please format the code properly?
j
You should be able to import
OtpService
where you define your backend code and call it in your
createAndSendCustomEmail
function without using
this
i
Hi, I have another one issue in thirdpartyemailpassword. I post endpoint /user/email/verify/token and then get an error of supertokens core: "code":422,"message":"SuperTokens core threw an error for a GET request to path: '/recipe/user' with status code: 400 and message: Please provide one of userId or email\n". I have 9.2.3 version of SDK, so what is wrong with this recipe?
r
Can i see the request you sent?
Try adding a Content-Type: application/json header as well?
i
And how can i do it?
Thats a post operation to endpoint and error in response
So, where should i set content type application/json header?
r
how are you sending the reqyuest? postman? curl? fetch? axios?
i
With your API, not with postman, curl, fetch or axios
Using swagger
recipe emailpassword works correctly but thirdpartyemailpassword does not work
r
well.. swagger can be a bit inaccurate.
you also need to pass in the sAccessToken
in the cookies
i
I am using same values of sAccessToken and sIdRefreshToken for both tests: emailpassword and thirdpartyemailpassword. But result is different.
r
which recipes are you initialising on the frontend and backedn?
You need to stick to the same recipes on frontend and backend
i
as result I should add EmailPassword.init but I want to use ThirdPartyEmailPassword.init only
r
Im gonna need more info about this. Can we get on a quick call?
i
go
r
Join Zoom Meeting https://us06web.zoom.us/j/85383174603?pwd=YnJQWXJBYmVPd05uU0g1RDZ2aGtvUT09 Meeting ID: 853 8317 4603 Passcode: 439919 One tap mobile +13462487799,,85383174603#,,,,*439919# US (Houston) +16699006833,,85383174603#,,,,*439919# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 6833 US (San Jose) +1 929 205 6099 US (New York) +1 253 215 8782 US (Tacoma) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) Meeting ID: 853 8317 4603 Passcode: 439919 Find your local number: https://us06web.zoom.us/u/kcLiwGi4a9
i
Yeah, everything alright now, thank you
r
ok awesome!
@IaS1506 you tried the demo app from the other branch?
i
Yeah, from account-linking branch, it now works for me
r
ok great. Just a quick note, that demo app is not complete and has fairly complex customisations.
We are working on making account linking easier. But should take ~1-2 months.
i
Yeah, I saw it, but I have not much time, so I think that I will have to improve it faster
)
But then i will be waiting for this)
r
cool!
i
Hi, now i have a question - how to do account linking correctly). In my situation 1 I register an account with email "test" by thirdparty and then register with emailpassword. This will create two separate users with same email without same primary user(and passwordless with this email wont work). In another situation 2 I register at first user with email by emailpassword and then user with the same email wont register by thirdparty(email exists error). I remember that you said its raw functionality, but do ypu have any idea how to fix it?)
r
the demo app should do account linking properly if the emails are verified. Whcih demo app are you using?
If you register a user in email password, make sure to also verify their email before. If verification is not done, the account won't be linked.
i
i tried another scenario, i register user with email "test" as passwordless and its create user with primary-user prefix, then i register with thirdparty with the same email and its create user with the same primary-user prefix, then I register user with email password by: 1. Send verification mail with otp code 2. Check otp code from form 3. Create user with verified mail - this creates user without primary-user prefix
r
you need to go through our email verification flow for it to work - are you doing that?
i
ooops... I will add this now
can you help me with this, I just added all functionality, but user still creates without primary-user ...(
r
can you run the demo app without any of your customisations and then try and login?
it will be difficult for me to go into your custom setup and help you out
i
:/ Ok
r
when the default app works as expected, then you can start to add your customisations on top of it one by one, and for that, I can help 🙂
i
Hi, I have question. How can I override password hashing algorithm?
And can i even do it
?)
r
Hey @IaS1506 we have two of them by default - bcryt and argon2. If you don’t want to use either, you can override the signIn, signUp, resetPassword recipe functions on the backend to do your own hashing before calling the original implementation. This will essentially apply two hashes to a plaintext password: one which you do, and one which the core does. So I’m effect, the security of the password hash is equivalent to the max security of both the hashes applied to it.
i
ok, i suupose that it's clear
And one another question: is there in your examples repository workable solution for integrating own reset password functionality?
r
you mean your own custom UI? Or something else?
i
I mean I want when I press "Reset password", I go to email entering page and then i want to generate otp for reset password and link to otp form, then enter otp and go to "new password" form, enter new password and then get to login page
r
ah right. So it's a different way of doing password reset. We use links for password reset, not OTP.
Whilst you can cusotmise supertokens to use OTPs instead of links, you will have to store and manage the OTPs yourself.
i
I have managed otp for email verefication already
But i had a schema for email verification, what i need to do to get workable solution in your examples
For reset password i have not found any of examples with it
So my problem is to know what i have to use to integrate it with myself
r
ah rigth. We don't have an example for it, but it would be similar to how you did for email verification
there will be equivalent functions related to reset password that you would need to override
i
ok, I resulted to send me reset password code to email
but i see next screen
what should i override to see otpscreen instead?
r
Which recipe are you iusing again?
i
thirdpartyemailpassword
r
You should override
EmailPasswordResetPasswordEmail_Override
this will allow you to change the form in which the email is entered, and the form which shows the above message in your screenshot
i
ok, but i have misunderstanding: I should see form of entering email, then screenshot, then new password. So if i override EmailPasswordResetPasswordEmail_Override, how can i link behaviour for redirecting to otp form and then to new-password form?
r
On the frontend, you can override the recipe function that sends the password reset email and then post calling the original implementatino, you can redirect the user to your ewnter OTP form
i
ok, i will try it, thanks
ok, sorry for lots of questions, but when i considered to use links (as your default variant) i get unathorized exception. It is logical, bc user does not have session when he is not logined, so how can i resolve it: create temporary session or you already had similar mechanism?
r
this is for email verification or reset password?
i
reset password
r
hmm. reset password should not require a session
if you are using the token to reset a password
i
🤔
ah, it's my fault, sorry
a
Hi @rp, is there currently a way to manually trigger the sending of a verification email when using a custom UI? In my case i've built a custom UI for both login and signup. I've got both working through using the sdk. After a user is successfully authenticated for login I direct them to / which routes them to auth/verify-email because the email hasn't been verified yet. From my read of the docs, the email doesn't seem to be sending automagically because i'm using my own custom UI (which isn't manually overriding my frontend config) my UI components are separate to the frontendConfig. I see this function: https://supertokens.com/docs/auth-react/modules/recipe_thirdpartyemailpassword.html#sendVerificationEmail But my guess is that I can use this with overriding the frontendConfig, my question is . . . can I use this method or send the verification email with my custom UI? and if so, how?
r
You can use this method in your own UI. Just do
await ThirdPartyEmailPassword.sendVerificationEmail()
and that should call the API that generates and sends an email verification email to the currently logged in user.
a
Thanks for this @rp
3 Views