From b011b673a45815690350507cc91a3b2a7da6ad48 Mon Sep 17 00:00:00 2001
From: "Builder.io" <builder-bot@builder.io>
Date: Sat, 18 Oct 2025 01:32:12 +0000
Subject: [PATCH] Use setSession from hash tokens before exchange

cgen-f249e8cfc26646d58d72275d0e2d493b
---
 client/pages/ResetPassword.tsx | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/client/pages/ResetPassword.tsx b/client/pages/ResetPassword.tsx
index 4d32b32d..38c9dcc0 100644
--- a/client/pages/ResetPassword.tsx
+++ b/client/pages/ResetPassword.tsx
@@ -46,11 +46,21 @@ export default function ResetPassword() {
           setLinkError(urlErrorDesc || "Reset link is invalid or has expired.");
           return;
         }
-        try {
-          await supabase.auth.exchangeCodeForSession(window.location.href);
-        } catch (e: any) {
-          setLinkError("Reset link is invalid or has expired.");
-          return;
+        const access_token = params.get("access_token");
+        const refresh_token = params.get("refresh_token");
+        if (access_token && refresh_token) {
+          const { error: setErr } = await supabase.auth.setSession({ access_token, refresh_token });
+          if (setErr) {
+            setLinkError("Reset link is invalid or has expired.");
+            return;
+          }
+        } else {
+          try {
+            await supabase.auth.exchangeCodeForSession(window.location.href);
+          } catch (e: any) {
+            setLinkError("Reset link is invalid or has expired.");
+            return;
+          }
         }
         const { data } = await supabase.auth.getSession();
         if (!data?.session) {