Gerhard Scheikl
37f1e7bbd5
- Add /auth/confirm GET route handler that verifies the signup token via
verifyOtp({ type, token_hash }) and falls back to exchangeCodeForSession
when a PKCE code is present. Whitelists to same-origin paths.
- Signup: pass emailRedirectTo=<APP_URL>/auth/confirm, show a
'check your email' confirmation state with a resend action (cooldown),
and handle the already-registered case.
- Login: detect email_not_confirmed and offer a resend-confirmation action;
surface verification_failed errors from the confirm route.