Description
Bug report
- I confirm this is a bug with Supabase, not with my own application.
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
After updating the user's email using supabase.auth.updateUser, the email confirmation is sent to both the old and new email addresses. However, after confirming the new email and attempting to log in with it, login fails. Checking the database reveals that the auth.users table still shows the old email, and the email_change field is populated with the new email. This inconsistency prevents logging in with the new email.
To Reproduce
Steps to reproduce the behavior:
- Clone the public repository from GitHub supabase-login-change-email).
- Modify src/supabase.ts with your own Supabase URL and token.
- pnpm dev -> access http://localhost:3000
- Sign up using the "Sign Up" button (toSignUp).
- Confirm the sign-up link sent to your email and log in.
- Confirm you see "This is Authenticated area."
- In the authenticated area, use the form at the bottom to enter a new email address and submit.
- Confirmation links are sent to both the old and new email addresses.
- Click the confirmation link for the new email (it redirects to http://localhost:3000).
- Log out and attempt to log in with the new email.
- Login fails with the new email but works with the old one.
Expected behavior
After confirming the new email address, I expected to be able to log in with the new email. The auth.users table should update the email field with the new email, and the session should reflect this as well.
System information
- OS: [Ubuntu22.04]
- Browser (if applies) [chrome]
- Version of supabase-js: [2.45.4]
- Version of Node.js: [20.17.0]
Additional context
Upon checking the auth.users table, the email field remains as the old email, while the email_change field holds the new email. The session information also reflects this, preventing login with the new email address.