Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Issue with Secret Key Length for Password Reset Exceeding 255 Characters

  • 0
  • Auth
  • Web
  • Realtime
View on Discord
codewithjacksun
31 Aug, 2024, 13:56

Hello Appwrite Support,

I'm experiencing an issue with the password reset process. The secret key sent with the redirect URL is 256 characters long, which exceeds the 255-character limit set by Appwrite. When using the account.updateRecovery method, I receive the following error: "AppwriteException: Invalid document structure: Attribute "key" has invalid type. Value must be a valid string and no longer than 255 chars"

Code snippet to handle the password reset: import { useState, useEffect } from "react"; import { account } from "../Backend/appwriteConfig"; // Assumes correct setup const NewPassword = () => { const [form, setForm] = useState({ password: "", confirmpassword: "" }); const [secret, setSecret] = useState(""); useEffect(() => { const queryParams = new URLSearchParams(window.location.search); const secretKey = queryParams.get("secret"); if (secretKey) { setSecret(secretKey); } else { console.error("Invalid password reset link."); } }, []); const updatePassword = async (password, secret) => { try { // Attempting to update the password with a secret key of 256 characters const trimmedSecret = secret.slice(0, 255); // Trimmed version const res = await account.updateRecovery("userId", trimmedSecret, password); // User ID used here for example console.log("Password updated successfully:", res); } catch (error) { console.error("Error updating password:", error); } }; // Form submission logic here... };

Questions:

  • Is it safe to trim the secret key to 255 characters, or could this compromise security?
  • Is there support for handling secret keys longer than 255 characters, possibly through a premium feature or configuration setting?
  • Is this key length issue a known limitation or a bug?
  • I am using the latest Appwrite SDK on a free plan. Please advise on how to proceed.

Thank you for your assistance!

Best regards! Gift Jackson codewithjacksun@gmail.com

TL;DR
Issue: Secret key for password reset is 256 characters long, exceeding Appwrite's 255-character limit, causing an error when using account.updateRecovery method. Solution: You can trim the secret key to 255 characters without compromising security. There is no current support for handling secret keys longer than 255 characters in Appwrite. This is a known limitation, not a bug. Consider upgrading your plan for potential future features.
Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more