Confirming email change token for Identity / GoTrue

Clayton · May 24, 2021, 5:26pm

I’m trying to understand how to verify the ‘email_change_token’ that is generated by a GoTrue / Identity instance when a user’s email address is updated.

A couple of considerations –

I’m not using the Identity Widget and have a custom auth flow that is processing auth events manually.
I’m also not able to use the GoTrue-JS library and am creating similarly structured methods in serverless functions that hit the same GoTrue endpoints.

I see the email_change_token is passed back as URL fragment, similar to how confirmation_tokens and recovery_tokens are returned. For the latter two, I’m able to process these via the /verify endpoint.

Looking through the code of the GoTrue and GoTrue-JS repos, I can’t deduce what means or method is used to verify the email_change_token to complete the process of updating an email address.

@futuregerald @jonsully - It looks like you may have already peeked under the covers for this…

Could you, or anyone else, help shed light on this?

Thanks

jonsully · May 24, 2021, 7:47pm

Hey @Clayton

No worries on not using the out-of-the-box solutions. I wrote a pure-React library to interface with GoTrue so I was in the same shoes.

When someone changes their email address on file, Netlify sends a confirmation email to that new email address. When the user clicks the link in the confirmation email, they’re directed to your site with a token in the URL, keyed as email_change (I believe you know this much). To confirm the new email, you need to PUT to /user (the standard ‘update user’ function) with the token set under the email_change_token key in the payload.

Abstracting from my library and illustrating with a standard fetch, this ought to be something like:

fetch("https://example.netlify.app/.netlify/identity/user", {
  method: 'PUT',
  Authorization: getUsersJWTBearer(),
  body: JSON.stringify({
    {
      email_change_token: '12oi41h2oih1fonif1oi2n' //the value from the url
    }
  })
})

Want to give that a shot and see if it does the trick?

–
Jon

Clayton · May 24, 2021, 8:34pm

@jonsully you’re a scholar and a gentleman!

Thank you - that was exactly the information I needed

Topic		Replies	Views
Netlify Identity: GoTrue JS Demo site will let me create a new user, but not verify it via email or the `confirm` method Support identity , netlify-newbie	1	720	February 26, 2021
How to change a Netlify Identity user email address? Support identity	2	830	October 21, 2020
Using Netlify Identity Registration Setting "Invite Only" with gotrue-js Support identity	4	2807	May 1, 2020
Updates to GoTrue.js Documentation Features identity	5	769	October 26, 2020
Possible to LOGIN with GoTrue / Identity via serverless function? Support identity	3	1102	May 3, 2021

Confirming email change token for Identity / GoTrue

Related topics