Email Change - InvalidToken

Time:10-29

I have scaffolded the account management pages in a Blazor Server app. Unfortunately, when I try to change the user email (Identity/Account/Manage/Email), the link that is generated seems to be incorrect.

var userId = await _userManager.GetUserIdAsync(user);
var code = await _userManager.GenerateChangeEmailTokenAsync(user, Input.NewEmail);
var callbackUrl = Url.Page(
    "/Account/ConfirmEmailChange",
    pageHandler: null,
    values: new { userId = userId, email = Input.NewEmail, code = code },
    protocol: Request.Scheme);
await _emailSender.SendEmailAsync(
    Input.NewEmail,
    "Confirm your email",
    $"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");

When I use that link, an invalid token error is generated. The worst part is that I have no idea how I can investigate that problem. All other links (password reset, confirmation email after registration) work correctly. Maybe that is connected with the fact that the user class is extended by a few additional fields. Still, I don't have an idea about the next steps.

 public class AspNetUser : IdentityUser
 {
     [StringLength(100)]
     public string FirstName { get; set; }
     [StringLength(100)]
     public string LastName { get; set; }
     // etc.
 }

CodePudding user response:

Try this...

var token = await _userManager.GenerateChangeEmailTokenAsync(user, Input.NewEmail);
var confirmationLink = Url.Action(nameof(ConfirmEmailChange),
    "Account", new { token, email = Input.NewEmail }, Request.Scheme);

// An interpolated string literal cannot span lines, so the markup is kept on one line.
var content = $"<a href='{confirmationLink}'>Please confirm your account by clicking here</a>";

await _emailSender.SendEmailAsync(new string[] { Input.NewEmail },
    "Confirmation email link", content); // , null

CodePudding user response:

"code" in that method is wrongly decoded (Base64)

public class ConfirmEmailChangeModel : PageModel
{
    public async Task<IActionResult> OnGetAsync(string userId, string email, string code)
    {
        /*...*/
        code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code));
        var result = await _userManager.ChangeEmailAsync(user, email, code);
        /*..*/
    }
}

After removing that line, everything is working correctly! What is surprising to me is that the line was generated by VS! Also, why does it work for anyone else? That shouldn't work for anyone!
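
The decode line in the last answer only round-trips when the page that builds the link applies the matching Base64Url encode; the question's code puts the raw token into the link. The following is an added example, not code from the posts or from the Identity scaffolding, that shows both cases on a constructed token. The class and method names are hypothetical, and it assumes the Microsoft.AspNetCore.WebUtilities package is referenced.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.WebUtilities;

static class TokenRoundTrip
{
    // Sender side: the encode step applied to the token before it goes into the link.
    public static string ToUrlToken(string token) =>
        WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(token));

    // Receiver side: the decode line shown in ConfirmEmailChangeModel.OnGetAsync.
    public static string FromUrlToken(string code) =>
        Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code));

    // True only when the receiver recovers exactly the token that was generated.
    public static bool Survives(string token, bool senderEncodes)
    {
        string inLink = senderEncodes ? ToUrlToken(token) : token;
        try
        {
            return FromUrlToken(inLink) == token;
        }
        catch (FormatException)
        {
            // Base64UrlDecode rejects input that is not valid base64url.
            return false;
        }
    }

    static void Main()
    {
        // Constructed stand-in for an Identity token: a standard base64 string
        // (contains '+' and '=' padding), not a real token.
        string token = Convert.ToBase64String(
            new byte[] { 0xFB, 0xEF, 0xBE, 0x10, 0x20, 0x30, 0x40 });

        // Encode on the sending page, decode on the confirm page: token intact.
        Console.WriteLine($"encode + decode: {Survives(token, senderEncodes: true)}");

        // Raw token in the link, decode on the confirm page: the value passed to
        // ChangeEmailAsync is no longer the generated token.
        Console.WriteLine($"decode only:     {Survives(token, senderEncodes: false)}");
    }
}
```

Either both pages carry the encode/decode pair or neither does; removing only one side is what yields the invalid token result.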
