altie122•3w ago

restrict access to ResendOTP auth

I have a very specific use case where I need to be able to block emails that are not listed in a data table from signing in, is there a way to do this? I need to access an api route or the db itself from the function in the (pretty much stock) ResendOTP setup before the email is sent is there any way to go about this?

3 Replies

Convex Bot•3w ago

Thanks for posting in <#1088161997662724167>. Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets. - Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.) - Use search.convex.dev to search Docs, Stack, and Discord all at once. - Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI. - Avoid tagging staff unless specifically instructed. Thank you!

altie122OP•3w ago

in case it's helpful here is a sanitized version of my code:

import { Email } from "@convex-dev/auth/providers/Email";
import { Resend as ResendAPI } from "resend";
import { alphabet, generateRandomString } from "oslo/crypto";

export const ResendOTP = Email({
  id: "resend-otp",
  apiKey: process.env.AUTH_RESEND_KEY,
  maxAge: 60 * 15,
  generateVerificationToken() {
    return generateRandomString(6, alphabet("0-9"));
  },
  async sendVerificationRequest({ identifier: email, provider, token }) {
    // check email
    
    // send email if allowed
    const resend = new ResendAPI(provider.apiKey);
    const { error } = await resend.emails.send({
      from: "",
      to: [email],
      subject: ``,
      text: `Your code is ${token}\n\nThis code will expire in 15 minutes.`,
    });
 
    if (error) {
      throw new Error(JSON.stringify(error));
    }
  },
});

import { Email } from "@convex-dev/auth/providers/Email";
import { Resend as ResendAPI } from "resend";
import { alphabet, generateRandomString } from "oslo/crypto";

export const ResendOTP = Email({
  id: "resend-otp",
  apiKey: process.env.AUTH_RESEND_KEY,
  maxAge: 60 * 15,
  generateVerificationToken() {
    return generateRandomString(6, alphabet("0-9"));
  },
  async sendVerificationRequest({ identifier: email, provider, token }) {
    // check email
    
    // send email if allowed
    const resend = new ResendAPI(provider.apiKey);
    const { error } = await resend.emails.send({
      from: "",
      to: [email],
      subject: ``,
      text: `Your code is ${token}\n\nThis code will expire in 15 minutes.`,
    });
 
    if (error) {
      throw new Error(JSON.stringify(error));
    }
  },
});

erquhart•2w ago

createOrUpdateUser is generally where this kind of thing is handled: https://labs.convex.dev/auth/advanced#controlling-user-creation-and-account-linking-behavior

restrict access to ResendOTP auth

Did you find this page helpful?