fix: clarify error message when token missing email or phone in verify endpoint

[AKASH10513]

…hone

What kind of change does this PR introduce?

Bug fix / validation improvement

What is the current behavior?

The POST /verify endpoint returns confusing validation errors when request
parameters are invalid.
Specifically:
when both token and token_hash are provided
when neither is provided
when token is provided without email or phone
when token_hash is provided along with other fields
The validation logic enforces specific parameter combinations, but the
error message does not clearly explain what is wrong, which can confuse developers.

What is the new behavior?

This change only improves the error message and does not modify the existing
validation logic or verification flow.
The change has not been tested in a running Supabase instance yet,
but it is limited to validation messaging and does not affect core logic.

Additional context

Add any other context or screenshots.

Summary by CodeRabbit

• Bug Fixes
  • Clarified token verification error: when a token is supplied but neither email nor phone is provided, users now see the clearer message — "When verifying with a token, you must provide either an email address or a phone number" — to reduce confusion.

[coderabbitai]

📝 Walkthrough

Walkthrough

Changed a single validation error message in token-based verification to require either an email address or a phone number; no control flow or logic changes.

Changes

Cohort / File(s)	Summary
Error Message Update internal/api/verify.go	Replaced validation error text with: "When verifying with a token, you must provide either an email address or a phone number". No behavior changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: clarifying an error message in the verify endpoint when a token is provided without email or phone.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into master

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@internal/api/verify.go`:
- Line 81: Update the validation error message in the return statement that
calls apierrors.NewBadRequestError (in internal/api/verify.go) to correct the
typo and improve wording: remove the stray space before "phone" and replace
"phone no" with "phone number" so the message reads clearly (e.g., "When
verifying with a token, you must provide either an email address or phone
number"). Ensure the message string used in the apierrors.NewBadRequestError
call is updated accordingly.