gotrue: Test OTP verify not working on supabase local

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Verifying OTP with Test emails is giving the following error

AuthApiError: Token has expired or is invalid
    at le (https://esm.sh/v133/@supabase/gotrue-js@2.56.0/esnext/gotrue-js.mjs:2:5282)
    at eventLoopTick (ext:core/01_core.js:183:11)
    at async Ie (https://esm.sh/v133/@supabase/gotrue-js@2.56.0/esnext/gotrue-js.mjs:2:6069)
    at async h (https://esm.sh/v133/@supabase/gotrue-js@2.56.0/esnext/gotrue-js.mjs:2:5806)
    at async g.verifyOtp (https://esm.sh/v133/@supabase/gotrue-js@2.56.0/esnext/gotrue-js.mjs:2:21397)
    at async Object.handler (file:///home/deno/functions/test/index.ts:14:27)
    at async handleHttp (ext:sb_core_main_js/js/http.js:66:17) {
  __isAuthError: true,
  name: "AuthApiError",
  status: 401
}

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Run Local Instance of Supabase
  2. Modify config.toml
[auth.sms]
# Allow/disallow new user signups via SMS to your project.
enable_signup = true
# If enabled, users need to confirm their phone number before signing in.
enable_confirmations = true

# Use pre-defined map of phone number to OTP for testing.
[auth.sms.test_otp]
7333333333 = "123456"
  1. Run the following js code
const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {})
const { data, error } = await supabase.auth.verifyOtp({
		phone: '7333333333',
		token: '123456',
		type: 'sms',
	})

Expected behavior

Verify the user and login

Screenshots

If applicable, add screenshots to help explain your problem.

System information

  • OS: [e.g. macOS, Windows]
  • Version of supabase-cli: 1.110.1
  • Version of Node.js: [e.g. 18.x.x]

Additional context

Similar to #1252

About this issue

  • Original URL
  • State: closed
  • Created 8 months ago
  • Reactions: 4
  • Comments: 15 (11 by maintainers)

Most upvoted comments

Thanks @jibin2706! Going to close for now but let us know if there are any further issues.

+2
J0 on Nov 15, 2023

working now @J0 I was using auth.admin.createUser instead of supabase.auth.signInWithOtp

+2
jibin2706 on Nov 15, 2023

HI all!

I found something that might help the debugging of this problem.

TL;DR

It seems the Supabase-CLI is reading config.toml OK but when it creates the envs that Gotrue will use later, it messes the expected format.

Maybe changing the method used to generate the value for GOTRUE_SMS_TEST_OTP should be implemented.

On the CLI side

If we see line 421 of start.go, the value for that env being produced by calling testOTP.String(), which produces something like the following: {"7333333333":"123456"}.

Like a total “grug” I’ve done what is in the screenshot bellow to check what is being produced.

Screenshot from 2023-11-11 20-16-02

The actual output that will be used as env is shown in the screenshot bellow.

Screenshot from 2023-11-11 20-10-13

On the Gotrue side

Now, on Gotrue, we are using the envconfig package to parse the environments and convert them into the actual types the program expects.

If we add some logs into the conf.LoadGlobal function, we can check what is being produced.

Screenshot from 2023-11-11 20-32-41

When using GOTRUE_SMS_TEST_OTP={"7333333333":"123456"} we got the following:

Screenshot from 2023-11-11 20-43-47

When we remove the curly brackets and the double quotes from the env value and pass GOTRUE_SMS_TEST_OTP=7333333333:123456 we got this:

Screenshot from 2023-11-11 20-42-42

FYI: @J0 & @jibin2706

PS: Sorry for the amount of screenshots, I didn’t find a better way to explain myself.

+2
LautaroJayat on Nov 12, 2023

@jibin2706 do you mind sharing how you’re making the verification? Here’s my setup:

const { data, error } = await supabase.auth.signInWithOtp({
      phone: '12345678'
    })

const res = await supabase.auth.verifyOtp({
		  phone: '12345678',
		  token: '555555',
		  type: 'sms',

    })

and my config.toml contains

[auth.sms.test_otp]
<my_number> = "123456"
12345678 = "555555"

supabase -v gives me 1.112.0

Sorry for the barrage of information - am able to verify with this set up so trying to identify where the issue is coming from

+1
J0 on Nov 15, 2023

@J0 Using the latest version

+1
jibin2706 on Nov 14, 2023

@LautaroJayat Thanks so much 🙏 Appreciate your contribution

@jibin2706 we shouldn’t need to change the GoTrue repo I think. Can I check that you’re on the latest version of the CLI?

+1
J0 on Nov 14, 2023

@LautaroJayat Still getting same error

The env is the following format

GOTRUE_SMS_TEST_OTP=917045386164:123456,917123123232:123456,917213123233:123456

I guess we have to make changes to the gotrue repo as well

+1
jibin2706 on Nov 13, 2023

@LautaroJayat created a PR for sms template https://github.com/supabase/cli/pull/1655

+1
jibin2706 on Nov 13, 2023

Thank you! Let me know if you need any assistance there and feel free to tag me for review

+1
J0 on Nov 12, 2023

Hey team,

Thanks for flagging this! This looks to be an error with how the TEST_OTP config is parsed in the CLI. We’ll look into a fix and get back to you once it’s out.

+1
J0 on Nov 8, 2023
Read more comments on GitHub
← gotrue: redirectTo either ignored or stripped of /#/
gotrue: Unable to signIn with OpenIDConnect when already signed Up with email and password →