Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Phone update does not require an otp locally #28412

Open
2 tasks done
florian-lefebvre opened this issue Aug 6, 2024 · 7 comments
Open
2 tasks done

Phone update does not require an otp locally #28412

florian-lefebvre opened this issue Aug 6, 2024 · 7 comments
Labels
auth All thing Supabase Auth related awaiting-details For issues needing detail from the opener. bug Something isn't working external-issue local-dev This is for issues relating to the local development workflow using the CLI

Comments

@florian-lefebvre
Copy link
Contributor

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

To update a user's phone, the following needs to be done:

// 1. user must be logged in
// 2. update phone number
await supabase.auth.updateUser({
	phone: "new phone"
})
// 3. user inputs otp they received
await supabase.auth.verifyOtp({
	phone: "new phone",
	token: "...",
	type: "phone_change"
})

However locally, calling updateUser updates the auth.users row directly. I tested on a test hosted supabase instance and it worked as intended fyi.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Have Supabase configured locally using the CLI and running

  2. Create a user using phone provider

  3. Login then call

    await supabase.auth.updateUser({
	phone: "new phone"
})

  4. Check the auth.users table and see phone is updated directly

Expected behavior

Locally, auth.users row columns should be updated with phone change stuff and an otp should be sent.

System information

  • OS: Win 11
  • Version of supabase-js: 2.43.5
  • Version of Node.js: 20.11.1
@florian-lefebvre florian-lefebvre added the bug Something isn't working label Aug 6, 2024
@encima
Copy link
Member

encima commented Aug 6, 2024

Thanks for opening!
Which phone provider are you using and how have you configured it?

@encima encima added auth All thing Supabase Auth related awaiting-details For issues needing detail from the opener. local-dev This is for issues relating to the local development workflow using the CLI and removed to-triage labels Aug 6, 2024
@florian-lefebvre
Copy link
Contributor Author

Thanks for the quick answer! I'm using the twilio provider and locally I'm doing the following to avoid having the twilio creds send to prod users by mistake:

[auth.sms.test_otp]
61491572549 = "123456"
# Inexistent user in the seed file, used to test registration and phone update
61491576398 = "123456"

# NOTICE THE EMPTY STRINGS
[auth.sms.twilio]
enabled = true
account_sid = " "
message_service_sid = " "
auth_token = " "

Note that this works perfectly for any other otp related operation

@choim4389
Copy link

same issue here

@Mohamdrebhi13
Copy link

Ghada [email protected]

@Mohamdrebhi13
Copy link

Hosni Rabhi @gmail.com

@LastxTemplar
Copy link

Same here, did anyone find a workaround?

@florian-lefebvre
Copy link
Contributor Author

I don't think there are any, I'm not testing this flow locally at all for now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth All thing Supabase Auth related awaiting-details For issues needing detail from the opener. bug Something isn't working external-issue local-dev This is for issues relating to the local development workflow using the CLI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@encima @choim4389 @LastxTemplar @florian-lefebvre @Mohamdrebhi13