Feat: Custom OTP PKCE flow + Improve error logging in authentication flow & handle supabase rate-limit error#89
Merged
ben-fornefeld merged 15 commits intoJul 6, 2025
Conversation
This commit updates the error handling in the authentication process by replacing `logError` with `console.error` for better visibility of errors during code exchange and password reset actions. Additionally, it removes an unused import of `AUTH_URLS` to streamline the code.
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
mishushakov
reviewed
Jul 3, 2025
|
|
||
| if (error) { | ||
| logError( | ||
| console.error( |
Member
There was a problem hiding this comment.
why change from logError > console.error?
Member
Author
There was a problem hiding this comment.
the logger is nice when the args do not include a class instance (error in this case). i am about to fix this but in another pr.
mishushakov
reviewed
Jul 3, 2025
| if (error) { | ||
| console.error(ERROR_CODES.SUPABASE, 'Error resetting password:', error) | ||
| if (error.message.includes('security purposes')) { | ||
| return returnServerError( |
Member
There was a problem hiding this comment.
do you need to return here? returnServerError throws
Member
Author
There was a problem hiding this comment.
no, it's just a convenient wrapper i am using because next-safe-action also has returnValidationError().
returnServerError actually also just throws under the hood since this is the way the actionClient is configured
mishushakov
approved these changes
Jul 3, 2025
Member
Author
|
@mishushakov fyi - i will probably extend this pr in the next iterations so, let's not merge yet |
This commit updates the authentication confirmation route by introducing better handling of redirect URLs based on the type of authentication request. It adds logging for successful and error cases, ensuring clearer visibility of the authentication process. Additionally, the `createRouteClient` function is modified to accept an optional `NextResponse` parameter, allowing for more flexible cookie management during authentication operations.
ben-fornefeld
changed the title
ben-fornefeld
changed the title
ben-fornefeld
changed the title
ben-fornefeld
changed the title
This commit improves the logic for determining redirect URLs in the authentication confirmation process. It introduces checks for absolute URLs and refines the handling of the 'next' parameter, ensuring that recovery requests without a specified destination correctly redirect to the password reset page. This change aims to streamline user navigation during authentication flows.
…onfirmation route This commit enhances the error handling for OTP verification by providing more specific error messages based on the error status. It also updates the response cookie management to support domain-specific settings for absolute redirect URLs, improving the overall user experience during the authentication process.
This PR refactors our authentication flow to improve both user experience and security. Key changes - Hardened redirect logic in the auth callback & confirm routes (origin checks, graceful fallbacks). - Enhanced server-side logging for easier debugging of auth issues.
mishushakov
reviewed
Jul 6, 2025
mishushakov
reviewed
Jul 6, 2025
mishushakov
reviewed
Jul 6, 2025
mishushakov
reviewed
Jul 6, 2025
mishushakov
reviewed
Jul 6, 2025
…ameter handling - Renaming variables for clarity and consistency. - Adding validation for required parameters before processing. - Streamlining the redirect logic based on the type of authentication request.
…cation confirmation route - Introduced Zod schema for validating request parameters. - Improved error logging for invalid parameters and OTP verification. - Streamlined redirect logic based on authentication type and next URL handling.
… normalize trailing slashes
- Added logging for OAuth sign-in actions to improve traceability. - Introduced a new utility for error handling during the code exchange process, enhancing redirect logic for error scenarios.
…ion route - Replaced `createRouteClient` with `createClient` for improved client instantiation. - Removed the deprecated `createRouteClient` function to streamline the codebase.
mishushakov
approved these changes
Jul 6, 2025
ben-fornefeld
deleted the
bug-handle-password-reset-rate-limit-error-message-e2b-2619
branch
kitchenbeats
pushed a commit
to kitchenbeats/botlink-dashboard
that referenced
this pull request
Oct 20, 2025
…flow & handle supabase rate-limit error (e2b-dev#89) This pr features a new custom OTP PKCE flow under `/api/auth/confirm`, which we can use to route password reset and first time e-mail sign-up e-mail urls to. Also this pr improves the error logging inside `/api/auth/callback` and adds explicit error handling for supabase request password rate-limit errors, to inform the user about this state. The old `/api/auth/callback` will eventually be removed when we ensure it isn't used anymore. **Migration Strategy** Replace the confirmationUrl value inside our Supbase "Reset Password" and "Confirm Sign-Up", with the following when this pr is deployed: **Reset Password** `{{ .SiteURL }}/api/auth/confirm?token_hash={{ .TokenHash }}&type=recovery&next={{ .RedirectTo }}&confirmation_url={{ .ConfirmationURL }}` **Confirm Sign-Up** `{{ .SiteURL }}/api/auth/confirm?token_hash={{ .TokenHash }}&type=email&next={{ .RedirectTo }}&confirmation_url={{ .ConfirmationURL }}`
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pr features a new custom OTP PKCE flow under
/api/auth/confirm, which we can use to route password reset and first time e-mail sign-up e-mail urls to.Also this pr improves the error logging inside
/api/auth/callbackand adds explicit error handling for supabase request password rate-limit errors, to inform the user about this state.The old
/api/auth/callbackwill eventually be removed when we ensure it isn't used anymore.Migration Strategy
Replace the confirmationUrl value inside our Supbase "Reset Password" and "Confirm Sign-Up", with the following when this pr is deployed:
Reset Password
{{ .SiteURL }}/api/auth/confirm?token_hash={{ .TokenHash }}&type=recovery&next={{ .RedirectTo }}&confirmation_url={{ .ConfirmationURL }}Confirm Sign-Up
{{ .SiteURL }}/api/auth/confirm?token_hash={{ .TokenHash }}&type=email&next={{ .RedirectTo }}&confirmation_url={{ .ConfirmationURL }}