Improved UX for converting anonymous user to 'full' user.

[IrregularShed]

Hi Supabase folks.

I'm working on a project which provides a consumer frontend (and middleware) to my company's legacy ecommerce platform. I pushed for Next.js and have become hopelessly addicted to the possibilities of what Supabase can bring, starting with user authentication and expanding into shopping carts and mailing address management.

At present, when a user who isn't logged adds a first item to the cart, an anonymous user is created to tie the user to the cart's contents. This is helpful for investigating abandoned carts, amongst other things. If an anonymous user has been created then, when they go to register an account, it's actually updating the anonymous user to give it an email address and password.

The problem is this - the Auth module fires off a 'changed email address' email when this occurs, and the default text says...

Follow this link to confirm the update of your email address from to [email protected]

... because there's no email address that it's changed from. The link also includes, as a URL parameter, type=email_change. As a technical user I could just about live with that, but thinking in terms of an average end user trying to buy a TV, that's going to be puzzling, and potentially off-putting.

I've hacked around the issues mentioned by modifying the 'Change Email Address' template:

{{ if .Email}}
<h2>Confirm Change of Email</h2>

<p>Follow this link to confirm the update of your email from {{ .Email }} to {{ .NewEmail }}:</p>
<p><a href="{{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=email_change">Change Email</a></p>
{{ else }}
<h2>Confirm your signup</h2>

<p>Follow this link to confirm your user:</p>
<p><a href="{{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=signup2">Confirm your mail</a></p>
{{ end }}

As a result, if the original Email value exists, it uses the original Change Email Address. If there wasn't a value it writes a URL with a more expected 'type' parameter, and the route.js code converts that to email_change before calling verifyOtp().

My issue - it's a lot of hassle. The Change Email Address template contains logic code that I'd rather not have there, and has to be kept up-to-date with the Confirm Signup template. I've had to make the subject line as neutral as possible because I don't think that gets processed the way that the body text does. It's very much a hack in the truest sense of the word!

My suggestion - supabase.auth.updateUser() already supports an options parameter, which is used for emailRedirectTo only. I suggest adding support for another parameter, giving the developer the opportunity to override the default email template that gets used. Alternatively, assume that adding a username/password to an anonymous account is the same as creating an account, and emit signup instead of email_change.

Regardless - thank you devs for a wonderful platform.