when calling updateUserById method to update email of user it updates it without user confirmation

[andreineamtu]

I'm trying to implement "update email" functionality on my website using the supabase admin client

const supabaseAdmin = createClient(supabaseUrl, supabaseServiceRoleKey);
const { data, error } = await supabaseAdmin.auth.admin.updateUserById(params.userId,
{ email: params.email, email_confirm: false }
);

The problem: is updating automatically the user's email in the auth table and is sending a confirmation email to the new email address so the user can confirm the change.
Isn't this how the method should work? Or should I use another method?

[kl-thamm]

I am not sure I understand your question, but the upabase.auth.admin.updateUserById should just update the user by the given id. See: https://supabase.com/docs/reference/javascript/auth-admin-updateuserbyid

[supermar1010]

@andreineamtu Look at this issue (#1278) and the repo linked. You're using the admin method which is just doing by "brute-force" if you want the user to confirm it you should use supabase.auth.updateUser, I think. But documentation is missing on that method.

[oldbettie]

The documentation around all of this is garbage. I have an open ticket with supabase and they have not responded beyond saying "it works for me"

The method you are using is a brute force updates as suggested above. However it only works once. When you try to change the email a second time it does not work as intended it looks for the original email and when its not found it wont let you make the change again. This completely breaks that user and I have had to ask users to completely recreate their accounts.

The documentation around updateUser is also terrible. It just says a confirmation link will be sent. I have not been able to figure out if this means the link is sent dirrectly to supabase or if we need to handle it in the same way we do for confirming an email with our own API route which handles the verification.