Comments (1)
scotttrinh
commented on June 12, 2024
Yeah, this is interesting. This seems to be an issue that we overlooked when extending the verification flow to allow just the email. We should've required email and challenge so that we can encode the challenge into the new verification token that is sent since that is what is validated server-side.
So, at the moment, if you send an email-only verification resend request, it just verifies the email and redirects you back to a provided redirect_to, or else returns a 204 No Content response, but the email is now verified and you can now perform a login flow. At the time I added that flow, I didn't consider that everything assumes that verification ends with an actual login.
I believe we have (at least) two options:
- Handle
email+challengein the resend flow, and start a new PKCE flow when resending verification emails like in the password reset flow. - Handle the
redirect_toand204 No Contentflow in a way that requires the user to explicitly log in after verification.
I think it would be useful to handle both of those cases in our auth helper libraries, but starting with the first one is probably the way to go here. I'll get this patched up now!
from edgedb-js.
Related Issues (20)
- Cardinality doesn't change for stored pointers
- Allow the queries generator to statically analyze the query to ensure expressions are typed correctly and fail at generation time if not HOT 6
- Create tools can be updated HOT 2
- EdgeDB Auth: Nuxt
- Parallel query file generation HOT 3
- Error visibility in query file generation HOT 2
- EdgeDB Auth: Astro
- Add support for WebAuthn and Magic Links to `@edgedb/auth-core` and framework libraries
- Bug in backslash escaping of TS query generation
- Add `.gitignore` in `@edgedb/create`
- If modules have types that have the same name, the interfaces generator creates invalid references to the default module.
- Wrong property types when access a link
- "No function overload function" when user-defined scalar used as function parameter HOT 1
- "function $x does not exist" when using optional function parameters
- In create app template, if auth is not fully configured, show a helpful message
- Type-aware query middleware HOT 2
- Create a consistent `@edgedb/create` app UI
- Docs: bulk insert needs `e.json_get`
- Support new branch connection argument
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from edgedb-js.