Let me investigate this from scratch. I'll check the entire flow:
I found the issue! Looking at the middleware (lines 55-65), it checks if the pathname starts with "/auth" and allows it. However, the problem is Supabase's resetPasswordForEmail doesn't preserve the path in the URL - it only sends the domain as the redirectUrl.
The actual email link sent by Supabase adds the token as a hash fragment: https://kiddohelper.rclpoint.com#access_token=...&type=recovery
This redirects to the homepage, NOT /auth/reset-password. Let me verify this and check Supabase's email template settings:
The issue is confirmed. Supabase ignores the full URL path in redirectTo - it only uses the domain. The fix is to use Supabase's Email Template to add the path. However, there's a simpler solution: add a client-side redirect on the homepage to detect the recovery token and redirect to the reset-password page.
Let me fix the homepage to detect the recovery token:
The homepage is a client component. I'll add a useEffect hook to detect recovery tokens and redirect to the reset-password page:
I've added recovery token detection to the homepage. Now when users click the password reset link from their email, they'll land on the homepage with the recovery token in the URL hash (#access_token=...&type=recovery), and a useEffect hook will automatically redirect them to /auth/reset-password while preserving the token. This allows Supabase to properly process the recovery session and the reset-password page can then update the user's password.
That's inefficient. The issue is that Supabase's resetPasswordForEmail() only uses the domain from the redirectTo URL and ignores the path - it always sends email links to just the domain root.
The proper fix is to customize the email template in Supabase so it directly links to /auth/reset-password. Let me remove the homepage redirect and show you the correct way:
You're absolutely right - that's inefficient. Let me remove the homepage redirect and show you the proper solution using Supabase's email template customization:
I've removed the unnecessary redirect. Now, to make password reset links go directly to /auth/reset-password, you need to customize the email template in Supabase. Here's how:
Steps to Fix Password Reset Email Links:
Edit the Reset Password template and change this line:
<a href="{{ .ConfirmationURL }}">Reset password</a>
To:
<a href="{{ .SiteURL }}/auth/reset-password{{ .ConfirmationURL | strings.TrimPrefix .SiteURL }}">Reset password</a>
Or simpler - if Supabase supports it, just change the template URL to:
{{ .SiteURL }}/auth/reset-password#{{ .TokenHash }}{{ .ConfirmationURL }} to include the path: /auth/reset-password before the token.
This way, Supabase will send emails that directly link to /auth/reset-password?token=... instead of just the homepage, and users will land directly on the password reset page.