feat: allow unverified email signins #1301
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kangmingtay
changed the title
kangmingtay
force-pushed
the
km/feat-allow-unverified-email-signins
branch
from
72765b0 to
659b46f
Compare
kangmingtay
changed the title
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
hf
reviewed
Nov 14, 2023
kangmingtay
commented
Nov 14, 2023
J0
reviewed
Nov 15, 2023
kangmingtay
force-pushed
the
km/feat-allow-unverified-email-signins
branch
from
d63e10e to
ad52a15
Compare
hf
approved these changes
Nov 15, 2023
kangmingtay
force-pushed
the
km/feat-allow-unverified-email-signins
branch
from
8510fd3 to
10edffe
Compare
|
🎉 This PR is included in version 2.114.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
uxodb
pushed a commit
to uxodb/auth
that referenced
this pull request
Nov 13, 2024
## What kind of change does this PR introduce? * If `GOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INS` is enabled, it will allow a user with an unverified email address to sign in and obtain an access token JWT * This is particularly useful for OAuth in cases where the oauth provider doesn't return an email address / the oauth user didn't verify their email address with the OAuth provider. * Tests that broke and needed fixing were due to these reasons: * `RemoveUnconfirmedIdentities` was previously buggy and shouldn't be retaining the user metadata of a previously unconfirmed identity * `GOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INS` is enabled by default which caused some tests to return an access token instead of an error for a user with an unverified email ## Modifications made to automatic linking algorithm * If the candidate identity doesn't have a verified email, the decision should be to create a new account. * If the email belongs to a user already, then we opt to create a new user with no email. Previously, we would attempt to create a new user and the db will return an error due to the partial unique constraint on email violation. In order to add an email to the new user, they would have to call update user (`PUT /user`) to add a new email.
LashaJini
pushed a commit
to LashaJini/auth
that referenced
this pull request
Nov 13, 2024
## What kind of change does this PR introduce? * If `GOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INS` is enabled, it will allow a user with an unverified email address to sign in and obtain an access token JWT * This is particularly useful for OAuth in cases where the oauth provider doesn't return an email address / the oauth user didn't verify their email address with the OAuth provider. * Tests that broke and needed fixing were due to these reasons: * `RemoveUnconfirmedIdentities` was previously buggy and shouldn't be retaining the user metadata of a previously unconfirmed identity * `GOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INS` is enabled by default which caused some tests to return an access token instead of an error for a user with an unverified email ## Modifications made to automatic linking algorithm * If the candidate identity doesn't have a verified email, the decision should be to create a new account. * If the email belongs to a user already, then we opt to create a new user with no email. Previously, we would attempt to create a new user and the db will return an error due to the partial unique constraint on email violation. In order to add an email to the new user, they would have to call update user (`PUT /user`) to add a new email.
LashaJini
pushed a commit
to LashaJini/auth
that referenced
this pull request
Nov 15, 2024
## What kind of change does this PR introduce? * If `GOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INS` is enabled, it will allow a user with an unverified email address to sign in and obtain an access token JWT * This is particularly useful for OAuth in cases where the oauth provider doesn't return an email address / the oauth user didn't verify their email address with the OAuth provider. * Tests that broke and needed fixing were due to these reasons: * `RemoveUnconfirmedIdentities` was previously buggy and shouldn't be retaining the user metadata of a previously unconfirmed identity * `GOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INS` is enabled by default which caused some tests to return an access token instead of an error for a user with an unverified email ## Modifications made to automatic linking algorithm * If the candidate identity doesn't have a verified email, the decision should be to create a new account. * If the email belongs to a user already, then we opt to create a new user with no email. Previously, we would attempt to create a new user and the db will return an error due to the partial unique constraint on email violation. In order to add an email to the new user, they would have to call update user (`PUT /user`) to add a new email.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What kind of change does this PR introduce?
GOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INSis enabled, it will allow a user with an unverified email address to sign in and obtain an access token JWTRemoveUnconfirmedIdentitieswas previously buggy and shouldn't be retaining the user metadata of a previously unconfirmed identityGOTRUE_ALLOW_UNVERIFIED_EMAIL_SIGN_INSis enabled by default which caused some tests to return an access token instead of an error for a user with an unverified emailModifications made to automatic linking algorithm
PUT /user) to add a new email.