Verify the email without a email/password session
I'm trying to create a function to verify the user's email on signup, the code below works fine, but it has a small problem, there has to be a session cookie in the browser or ask the user to log in for the verification to work.
I've been trying to create a session on the fly to use it for the verification, but it's not working I get the wrong token passed something....
Same when creating an Admin Client.
Is there a way to have the user just click the link to verify the email address, even if there's no stored login session in the browser?
"use server";
import { Client, Account } from "node-appwrite";
import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import Link from "next/link";
import { ID } from "node-appwrite";
import { isRedirectError } from "next/dist/client/components/redirect";
export async function createSessionClient() {
// Type assertion to cast environment variables to string
const endpoint = process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT as string;
const project = process.env.NEXT_PUBLIC_APPWRITE_PROJECT as string;
// Runtime checks (optional but recommended)
if (!endpoint || !project) {
throw new Error("Missing required environment variables");
}
const client = new Client().setEndpoint(endpoint).setProject(project);
const session = cookies().get("appwrite-auth-cookie");
if (!session || !session.value) {
throw new Error("No session");
}
client.setSession(session.value);
return {
get account() {
return new Account(client);
},
};
}
export async function CreateSessionForVerify(userID: string, secret: string) {
"use server";
const { account } = await createSessionClient();
await account.updateVerification(userID, secret);
}
you shouldn't need a session to call the account.updateVerification() 🧐
That's why I'm losing my mind, I don't know why it's throwing that error.
I removed the following part and it's still saying something wrong with the token passed:
if (!session || !session.value) {
throw new Error("No session");
}
"use server";
import { Client, Account } from "node-appwrite";
import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import Link from "next/link";
import { ID } from "node-appwrite";
import { isRedirectError } from "next/dist/client/components/redirect";
export async function createSessionClient() {
// Type assertion to cast environment variables to string
const endpoint = process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT as string;
const project = process.env.NEXT_PUBLIC_APPWRITE_PROJECT as string;
// Runtime checks (optional but recommended)
if (!endpoint || !project) {
throw new Error("Missing required environment variables");
}
const client = new Client().setEndpoint(endpoint).setProject(project);
const session = cookies().get("appwrite-auth-cookie");
if (session) {
client.setSession(session.value);
}
return {
get account() {
return new Account(client);
},
};
}
export async function CreateSessionForVerify(userID: string, secret: string) {
"use server";
const { account } = await createSessionClient();
await account.updateVerification(userID, secret);
}
When the cookie is set, everything is as expected. I'm using nextjs 14 btw.
maybe it's still trying to set some cookie? Can you instantiate a new Client instead?
Same story 😭
export async function createSessionClient() {
// Type assertion to cast environment variables to string
const endpoint = process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT as string;
const project = process.env.NEXT_PUBLIC_APPWRITE_PROJECT as string;
// Runtime checks (optional but recommended)
if (!endpoint || !project) {
throw new Error("Missing required environment variables");
}
const client = new Client().setEndpoint(endpoint).setProject(project);
return {
get account() {
return new Account(client);
},
};
}
You can't use the same code for the verify 🧐 you should leave this create session client as is for use where you need a session client. But for the verify call, you don't need a session client so instantiate a new client without setting the session
And are you able to inspect the update verification API call?
Finally, it's working now!! Thank you!! :appwritepeepo:
I created a new function to instantiate only a new client and it did it, even though I tried that before. : " )
Btw, the documentation here is using setSession so maybe it needs updating: https://appwrite.io/docs/references/cloud/server-nodejs/account#updateVerification
or perhaps it for something else I don't know 🤷♂️
Ya.. byproduct of auto generated docs 😬
Sorry I'm struggling with this as well. I constantly got the error
{
code: 401,
type: 'general_unauthorized_scope',
response: {
message: 'User (role: guests) missing scope (account)',
code: 401,
type: 'general_unauthorized_scope',
version: '1.6.0'
}
}
When using session all it's working well, but the user needs to be logged in to verify its email. Can anyone help me with this? I'm using v1.6.0
There is no frigging way I can use await account.createVerification or await account.updateVerification without a session. @BABYLON man, please, can you post your code to see how you solved, because I suspect that in the new version 1.6.0 it does not working.
Create verification requires a session. Update does not. Double check what API call is throwing the error.
If you still need help, create a separate #🚑│support post instead of posting in someone else's old thread
Thank you for the quick response. Unfortunately, account.updateVerification does not work without a session. I'm using node-appwrite, not the appwrite package, so it's possible that there is a bug, as I tried everything and it still didn't work.
