Deleting account without password [oauth only setups] #137
Comments
|
Good find. Want to make a PR? We need some way of making sure you can’t delete an account with UI access for 5 seconds. see how we handle password reset. We require the “amr” to be “recovery” to verify they own the email. Can probably do the same here? Not sure about if it works with oauth but I think it should. |
scosman
changed the title
|
Edit: you can always set a password, even for oauth accounts. So not impossible. But not smooth either. |
|
What does AMR stand for and why must we prevent an account to be deleted that fast? Wouldn't simply having a confirmation button be sufficient? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When only using social OAuth the user does not have a password. When trying to delete an account you have to give a password as confirmation. Keep the confirmation but remove the need for a password.
Additionally, to remove email auth, you can set within the Auth component from @supabase/auth-ui-svelte: onlyThirdPartyProviders={true} This will remove the email and password fields, which will otherwise show up, even when disabling email auth within Supabase.
The text was updated successfully, but these errors were encountered: