0

I have the following scenario.

  1. A user creates an account on a mobile app and lands in the /confirm screen on the mobile app.

  2. A user confirms the created account by clicking on the confirmation link in their email on a computer, taking them to the website and not the mobile app.

The user is being verified successfully by the website via:

const { data, error } = await supabase.auth.verifyOtp({
  token_hash: token,
  type: "signup",
});

The website tells the user to return to the mobile app.

  3. On the mobile side (in the /confirm screen), I am trying to periodically fetch either session or the user info, but I get null for both the session and the user.

  useEffect(() => {
    const interval = setInterval(async () => {
      const { data, error } = await supabase.auth.getSession() // returns null
      const {
        data: { user },
      } = await supabase.auth.getUser() // returns null

      if (error) {
        captureException(error)
        return
      }

      if (data?.session) {
        setAccountConfirmed(true)
        clearInterval(interval)
      }
    }, 3000)

    return () => clearInterval(interval)
  }, [])

My reasoning is: now that the account has been confirmed on the website, the session should be 'fetchable' in the mobile app as well.

However, that doesn't work.

How can I get the session on the mobile (after the account has been confirmed on the website), so that I can redirect the user to the logged in portion of the mobile app?

2
  • Instead of redirecting the users to the website to handle the email verification, can't you just redirect directly to the mobile app with a deep link? Apr 13 at 20:29
  • Hi @HichamELBSI, thank you. I am already redirecting a user (using the universal link), if the link is opened on the mobile device. However, I am asking about a different scenario: imagine a user creates an account on the mobile device, and confirms their sign up on a computer (not on the mobile). Then on the mobile side - I need to detect somehow that the account has already been confirmed (via a different device, computer in this case) and retrieve that user's session. Any ideas? Apr 14 at 17:27

1 Answer

0

According to Supabase documentation, you should not rely on getSession for this kind of use case (server side verification) since the unencoded session data is retrieved from the local storage medium.

This means that getSession will always be null in your use case because you didn't create the session from the email verification.

Supabase is sending all the data through the URL (when you click on the confirm email button) to create a session. Here, you will first need to verify if the user is authorized on the server side.

To check if the user is authorized (server side), you will need to use:

const { data: { user } } = await supabase.auth.getUser();

Because it validates the user's access token JWT on the server.

This request will send you all the auth metadata of the logged-in user, such as confirmed_at: 'DATE OF EMAIL CONFIRMATION', role: authenticated.

1
  • Hi, thank you. However, I tried that, as mentioned in the original question. That still didn't work :( yesterday
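
An added example, not code from the question or the answer: verifyOtp on the website hands the new session to the browser that called it, so the phone's local storage holds no tokens for getSession or getUser to use, and the mobile client has to authenticate itself once the email is confirmed. The sketch below polls by signing in from the device with a bounded number of attempts. It assumes an email and password sign-up and that the Auth server answers an unverified account with the `email_not_confirmed` code or the "Email not confirmed" message; `classifySignIn`, `waitForConfirmation` and `fakeAuth` are hypothetical names, and `fakeAuth` is a constructed stand-in for `supabase.auth`.

```javascript
// Added example, not code from the thread. `auth` is any supabase.auth-like
// object; the "email_not_confirmed" code and "Email not confirmed" message
// are assumed to be the Auth server's reply for an unverified account.
const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Decide what a single sign-in attempt says about the account.
function classifySignIn({ data, error }) {
  if (data?.session) return "confirmed";
  const pending =
    error?.code === "email_not_confirmed" ||
    /email not confirmed/i.test(error?.message ?? "");
  return pending ? "pending" : "failed"; // e.g. wrong password, rate limit
}

// Poll by signing in from THIS device, so the session is issued to and stored
// by this client. The password is held in memory only and never persisted.
async function waitForConfirmation(auth, { email, password }, opts = {}) {
  const { intervalMs = 3000, maxAttempts = 100, sleep = defaultSleep } = opts;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const result = await auth.signInWithPassword({ email, password });
    const state = classifySignIn(result);
    if (state === "confirmed") {
      return { state, session: result.data.session, attempt };
    }
    if (state === "failed") {
      return { state, error: result.error ?? null, attempt }; // stop, do not retry
    }
    await sleep(intervalMs); // still unconfirmed: wait before the next attempt
  }
  return { state: "timeout", attempt: maxAttempts }; // bounded: no endless polling
}

// Constructed stand-in for supabase.auth: rejects sign-in until the account
// has been "confirmed" on another device, i.e. after `confirmAfter` attempts.
function fakeAuth(confirmAfter) {
  let calls = 0;
  const notConfirmed = { code: "email_not_confirmed", message: "Email not confirmed" };
  return {
    async signInWithPassword({ email }) {
      calls += 1;
      return calls > confirmAfter
        ? { data: { session: { user: { email } } }, error: null }
        : { data: { session: null }, error: notConfirmed };
    },
  };
}
```

In the app, `supabase.auth` would be passed as `auth`, and a "failed" or "timeout" result should send the user to the normal sign-in screen rather than keep retrying.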
