apps/docs/content/guides/auth/passwords.mdx
Users often expect to sign in to your site with a password. Supabase Auth helps you implement password-based auth safely, using secure configuration options and best practices for storing and verifying passwords.
Users can associate a password with their identity using their email address or a phone number.
Email authentication is enabled by default.
You can configure whether users need to verify their email to sign in. On hosted Supabase projects, this is true by default. On self-hosted projects or in local development, this is false by default.
Change this setting on the Auth Providers page for hosted projects, or in the configuration file for self-hosted projects.
There are two possible flows for email signup: implicit flow and PKCE flow. If you're using SSR, you're using the PKCE flow. If you're using client-only code, the default flow depends upon the client library. The implicit flow is the default in JavaScript and Dart, and the PKCE flow is the default in Swift.
The instructions in this section assume that email confirmations are enabled.
<Tabs scrollable stickyTabList={{ style: { top: 'var(--header-height)', backgroundColor: 'hsl(var(--background-default) / var(--tw-bg-opacity))', maskImage: 'none', borderBottom: '1px solid hsl(var(--border-default) / 1)', } }} size="large" type="underlined" queryGroup="flow"
<TabPanel id="implicit" label="Implicit flow">
The implicit flow only works for client-only apps. Your site directly receives the access token after the user confirms their email.
<Tabs scrollable size="small" type="underlined" queryGroup="language"
<TabPanel id="js" label="JavaScript">
To sign up the user, call signUp() with their email address and password.
You can optionally specify a URL to redirect to after the user clicks the confirmation link. This URL must be configured as a Redirect URL, which you can do in the dashboard for hosted projects, or in the configuration file for self-hosted projects.
If you don't specify a redirect URL, the user is automatically redirected to your site URL. This defaults to localhost:3000, but you can also configure this.
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
// ---cut---
async function signUpNewUser() {
const { data, error } = await supabase.auth.signUp({
email: '[email protected]',
password: 'example-password',
options: {
emailRedirectTo: 'https://example.com/welcome',
},
})
}
To sign up the user, call signUp() with their email address and password:
Future<void> signUpNewUser() async {
final AuthResponse res = await supabase.auth.signUp(
email: '[email protected]',
password: 'example-password'
);
}
To sign up the user, call signUp() with their email address and password.
You can optionally specify a URL to redirect to after the user clicks the confirmation link. This URL must be configured as a Redirect URL, which you can do in the dashboard for hosted projects, or in the configuration file for self-hosted projects.
If you don't specify a redirect URL, the user is automatically redirected to your site URL. This defaults to localhost:3000, but you can also configure this.
let response = try await supabase.auth.signUp(
email: "[email protected]",
password: "example-password",
redirectTo: URL(string: "https://example.com/welcome")
)
To sign up the user, call signUpWith(Email) with their email address and password:
suspend fun signUpNewUser() {
supabase.auth.signUpWith(Email) {
email = "[email protected]"
password = "example-password"
}
}
To sign up the user, call signUp() with their email address and password.
You can optionally specify a URL to redirect to after the user clicks the confirmation link. This URL must be configured as a Redirect URL, which you can do in the dashboard for hosted projects, or in the configuration file for self-hosted projects.
If you don't specify a redirect URL, the user is automatically redirected to your site URL. This defaults to localhost:3000, but you can also configure this.
data = await supabase.auth.sign_up({
'email': '[email protected]',
'password': 'example-password',
'options': {
'email_redirect_to': 'https://example.com/welcome',
},
})
The PKCE flow allows for server-side authentication. Unlike the implicit flow, which directly provides your app with the access token after the user clicks the confirmation link, the PKCE flow requires an intermediate token exchange step before you can get the access token.
Update your signup email template to send the token hash. For detailed instructions on how to configure your email templates, including the use of variables like {{ .SiteURL }}, {{ .TokenHash }}, and {{ .RedirectTo }}, refer to our Email Templates guide.
Your signup email template should contain the following HTML:
<h2>Confirm your signup</h2>
<p>Follow this link to confirm your user:</p>
<p>
<a
href="{{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=email&next={{ .RedirectTo }}"
>Confirm your email</a
>
</p>
Create an API endpoint at <YOUR_SITE_URL>/auth/confirm to handle the token exchange.
<$Partial path="create_client_snippet.mdx" />
<Tabs scrollable size="small" type="underlined" defaultActiveId="nextjs" queryGroup="framework"> <TabPanel id="nextjs" label="Next.js">Create a new file at app/auth/confirm/route.ts and populate with the following:
import { type EmailOtpType } from '@supabase/supabase-js'
import { type NextRequest } from 'next/server'
import { createClient } from '@/utils/supabase/server'
import { redirect } from 'next/navigation'
export async function GET(request: NextRequest) {
const { searchParams } = new URL(request.url)
const token_hash = searchParams.get('token_hash')
const type = searchParams.get('type') as EmailOtpType | null
const next = searchParams.get('next') ?? '/'
if (token_hash && type) {
const supabase = await createClient()
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
// redirect user to specified redirect URL or root of app
redirect(next)
}
}
// redirect the user to an error page with some instructions
redirect('/auth/auth-code-error')
}
Create a new file at src/routes/auth/confirm/+server.ts and populate with the following:
import { redirect } from '@sveltejs/kit'
import { type EmailOtpType } from '@supabase/supabase-js'
export const GET = async (event) => {
const {
url,
locals: { supabase },
} = event
const token_hash = url.searchParams.get('token_hash') as string
const type = url.searchParams.get('type') as EmailOtpType | null
const next = url.searchParams.get('next') ?? '/'
/**
* Clean up the redirect URL by deleting the Auth flow parameters.
*
* `next` is preserved for now, because it's needed in the error case.
*/
const redirectTo = new URL(url)
redirectTo.pathname = next
redirectTo.searchParams.delete('token_hash')
redirectTo.searchParams.delete('type')
if (token_hash && type) {
const { error } = await supabase.auth.verifyOtp({ token_hash, type })
if (!error) {
redirectTo.searchParams.delete('next')
redirect(303, redirectTo)
}
}
// return the user to an error page with some instructions
redirectTo.pathname = '/auth/error'
redirect(303, redirectTo)
}
Create a new file at src/pages/auth/confirm.ts and populate with the following:
import { createServerClient, parseCookieHeader } from '@supabase/ssr'
import { type EmailOtpType } from '@supabase/supabase-js'
import { type APIRoute } from 'astro'
export const GET: APIRoute = async ({ request, cookies, redirect }) => {
const requestUrl = new URL(request.url)
const token_hash = requestUrl.searchParams.get('token_hash')
const type = requestUrl.searchParams.get('type') as EmailOtpType | null
const next = requestUrl.searchParams.get('next') || '/'
if (token_hash && type) {
const supabase = createServerClient(
import.meta.env.PUBLIC_SUPABASE_URL,
import.meta.env.PUBLIC_SUPABASE_PUBLISHABLE_KEY,
{
cookies: {
getAll() {
return parseCookieHeader(request.headers.get('Cookie') ?? '')
},
setAll(cookiesToSet, _headers) {
cookiesToSet.forEach(({ name, value, options }) => cookies.set(name, value, options))
},
},
}
)
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
return redirect(next)
}
}
// return the user to an error page with some instructions
return redirect('/auth/auth-code-error')
}
Create a new file at app/routes/auth.confirm.tsx and populate with the following:
import { redirect, type LoaderFunctionArgs } from '@remix-run/node'
import { createServerClient, parseCookieHeader, serializeCookieHeader } from '@supabase/ssr'
import { type EmailOtpType } from '@supabase/supabase-js'
export async function loader({ request }: LoaderFunctionArgs) {
const requestUrl = new URL(request.url)
const token_hash = requestUrl.searchParams.get('token_hash')
const type = requestUrl.searchParams.get('type') as EmailOtpType | null
const next = requestUrl.searchParams.get('next') || '/'
const headers = new Headers()
if (token_hash && type) {
const supabase = createServerClient(
process.env.SUPABASE_URL!,
process.env.SUPABASE_PUBLISHABLE_KEY!,
{
cookies: {
getAll() {
return parseCookieHeader(request.headers.get('Cookie') ?? '')
},
setAll(key, value, options) {
headers.append('Set-Cookie', serializeCookieHeader(key, value, options))
},
},
}
)
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
return redirect(next, { headers })
}
}
// return the user to an error page with instructions
return redirect('/auth/auth-code-error', { headers })
}
Create a new route in your express app and populate with the following:
// The client you created from the Server-Side Auth instructions
const { createClient } = require("./lib/supabase")
...
app.get("/auth/confirm", async function (req, res) {
const token_hash = req.query.token_hash
const type = req.query.type
const next = req.query.next ?? "/"
if (token_hash && type) {
const supabase = createClient({ req, res })
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
res.redirect(303, `/${next.slice(1)}`)
}
}
// return the user to an error page with some instructions
res.redirect(303, '/auth/auth-code-error')
})
<Tabs scrollable size="small" type="underlined" queryGroup="language"
<TabPanel id="js" label="JavaScript">
To sign up the user, call signUp() with their email address and password:
You can optionally specify a URL to redirect to after the user clicks the confirmation link. This URL must be configured as a Redirect URL, which you can do in the dashboard for hosted projects, or in the configuration file for self-hosted projects.
If you don't specify a redirect URL, the user is automatically redirected to your site URL. This defaults to localhost:3000, but you can also configure this.
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
// ---cut---
async function signUpNewUser() {
const { data, error } = await supabase.auth.signUp({
email: '[email protected]',
password: 'example-password',
options: {
emailRedirectTo: 'https://example.com/welcome',
},
})
}
To sign up the user, call signUp() with their email address and password:
Future<void> signUpNewUser() async {
final AuthResponse res = await supabase.auth.signUp(
email: '[email protected]',
password: 'example-password'
);
}
To sign up the user, call signUp() with their email address and password:
let response = try await supabase.auth.signUp(
email: "[email protected]",
password: "example-password",
)
To sign up the user, call signUpWith(Email) with their email address and password:
suspend fun signUpNewUser() {
supabase.auth.signUpWith(Email) {
email = "[email protected]"
password = "example-password"
}
}
To sign up the user, call signUp() with their email address and password:
data = supabase.auth.sign_up({
'email': '[email protected]',
'password': 'example-password',
})
<Tabs scrollable size="small" type="underlined" queryGroup="language"
<TabPanel id="js" label="JavaScript">
When your user signs in, call signInWithPassword() with their email address and password:
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
// ---cut---
async function signInWithEmail() {
const { data, error } = await supabase.auth.signInWithPassword({
email: '[email protected]',
password: 'example-password',
})
}
When your user signs in, call signInWithPassword() with their email address and password:
Future<void> signInWithEmail() async {
final AuthResponse res = await supabase.auth.signInWithPassword(
email: '[email protected]',
password: 'example-password'
);
}
When your user signs in, call signIn(email:password:) with their email address and password:
try await supabase.auth.signIn(
email: "[email protected]",
password: "example-password"
)
When your user signs in, call signInWith(Email) with their email address and password:
suspend fun signInWithEmail() {
supabase.auth.signInWith(Email) {
email = "[email protected]"
password = "example-password"
}
}
When your user signs in, call sign_in_with_password() with their email address and password:
data = client.auth.sign_in_with_password({
'email': '[email protected]',
'password': 'example-password',
})
<Tabs scrollable size="small" type="underlined" queryGroup="flow"
<TabPanel id="implicit" label="Implicit flow">
Create a reset password page. This page should be publicly accessible.
Collect the user's email address and request a password reset email. Specify the redirect URL, which should point to the URL of a change password page. This URL needs to be configured in your redirect URLs.
<Tabs scrollable size="small" type="underlined" defaultActiveId="js" queryGroup="language"
<TabPanel id="js" label="JavaScript">
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
// ---cut---
await supabase.auth.resetPasswordForEmail('[email protected]', {
redirectTo: 'http://example.com/account/update-password',
})
try await supabase.auth.resetPasswordForEmail(
"[email protected]",
redirectTo: URL(string: "http://example.com/account/update-password")
)
supabase.auth.resetPasswordForEmail(
email = "[email protected]",
redirectUrl = "http://example.com/account/update-password"
)
If you are on one of the Kotlin targets that have built-in support for redirect URL handling, such as Android, see OAuth and OTP link verification.
</TabPanel> </$Show> <$Show if="sdk:python"> <TabPanel id="python" label="Python">client.auth.reset_password_email(
'[email protected]',
{'redirect_to':'http://example.com/account/update-password'}
)
await supabase.auth.resetPasswordForEmail(
'[email protected]',
redirectTo: 'http://example.com/account/update-password',
);
Create a change password page at the URL you specified in the previous step. This page should be accessible only to authenticated users.
Collect the user's new password and call updateUser to update their password.
The PKCE flow allows for server-side authentication. Unlike the implicit flow, which directly provides your app with the access token after the user clicks the confirmation link, the PKCE flow requires an intermediate token exchange step before you can get the access token.
Update your reset password email template to send the token hash. See Email Templates for how to configure your email templates.
Your reset password email template should contain the following HTML:
<h2>Reset Password</h2>
<p>Follow this link to reset the password for your user:</p>
<p>
<a
href="{{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=recovery&next=/account/update-password"
>Reset Password</a
>
</p>
Create an API endpoint at <YOUR_SITE_URL>/auth/confirm to handle the token exchange.
<$Partial path="create_client_snippet.mdx" />
<Tabs scrollable size="small" type="underlined" defaultActiveId="nextjs" queryGroup="framework"> <TabPanel id="nextjs" label="Next.js">Create a new file at app/auth/confirm/route.ts and populate with the following:
import { type EmailOtpType } from '@supabase/supabase-js'
import { cookies } from 'next/headers'
import { NextRequest, NextResponse } from 'next/server'
// The client you created from the Server-Side Auth instructions
import { createClient } from '@/utils/supabase/server'
export async function GET(request: NextRequest) {
const { searchParams } = new URL(request.url)
const token_hash = searchParams.get('token_hash')
const type = searchParams.get('type') as EmailOtpType | null
const next = searchParams.get('next') ?? '/'
const redirectTo = request.nextUrl.clone()
redirectTo.pathname = next
if (token_hash && type) {
const supabase = await createClient()
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
return NextResponse.redirect(redirectTo)
}
}
// return the user to an error page with some instructions
redirectTo.pathname = '/auth/auth-code-error'
return NextResponse.redirect(redirectTo)
}
Create a new file at src/routes/auth/confirm/+server.ts and populate with the following:
import { redirect } from '@sveltejs/kit'
import { type EmailOtpType } from '@supabase/supabase-js'
export const GET = async (event) => {
const {
url,
locals: { supabase },
} = event
const token_hash = url.searchParams.get('token_hash') as string
const type = url.searchParams.get('type') as EmailOtpType | null
const next = url.searchParams.get('next') ?? '/'
/**
* Clean up the redirect URL by deleting the Auth flow parameters.
*
* `next` is preserved for now, because it's needed in the error case.
*/
const redirectTo = new URL(url)
redirectTo.pathname = next
redirectTo.searchParams.delete('token_hash')
redirectTo.searchParams.delete('type')
if (token_hash && type) {
const { error } = await supabase.auth.verifyOtp({ token_hash, type })
if (!error) {
redirectTo.searchParams.delete('next')
redirect(303, redirectTo)
}
}
// return the user to an error page with some instructions
redirectTo.pathname = '/auth/error'
redirect(303, redirectTo)
}
Create a new file at src/pages/auth/confirm.ts and populate with the following:
import { createServerClient, parseCookieHeader } from '@supabase/ssr'
import { type EmailOtpType } from '@supabase/supabase-js'
import { type APIRoute } from 'astro'
export const GET: APIRoute = async ({ request, cookies, redirect }) => {
const requestUrl = new URL(request.url)
const token_hash = requestUrl.searchParams.get('token_hash')
const type = requestUrl.searchParams.get('type') as EmailOtpType | null
const next = requestUrl.searchParams.get('next') || '/'
if (token_hash && type) {
const supabase = createServerClient(
import.meta.env.PUBLIC_SUPABASE_URL,
import.meta.env.PUBLIC_SUPABASE_PUBLISHABLE_KEY,
{
cookies: {
getAll() {
return parseCookieHeader(request.headers.get('Cookie') ?? '')
},
setAll(cookiesToSet, _headers) {
cookiesToSet.forEach(({ name, value, options }) => cookies.set(name, value, options))
},
},
}
)
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
return redirect(next)
}
}
// return the user to an error page with some instructions
return redirect('/auth/auth-code-error')
}
Create a new file at app/routes/auth.confirm.tsx and populate with the following:
import { redirect, type LoaderFunctionArgs } from '@remix-run/node'
import { createServerClient, parseCookieHeader, serializeCookieHeader } from '@supabase/ssr'
import { type EmailOtpType } from '@supabase/supabase-js'
export async function loader({ request }: LoaderFunctionArgs) {
const requestUrl = new URL(request.url)
const token_hash = requestUrl.searchParams.get('token_hash')
const type = requestUrl.searchParams.get('type') as EmailOtpType | null
const next = requestUrl.searchParams.get('next') || '/'
const headers = new Headers()
if (token_hash && type) {
const supabase = createServerClient(
process.env.SUPABASE_URL!,
process.env.SUPABASE_PUBLISHABLE_KEY!,
{
cookies: {
getAll() {
return parseCookieHeader(request.headers.get('Cookie') ?? '')
},
setAll(key, value, options) {
headers.append('Set-Cookie', serializeCookieHeader(key, value, options))
},
},
}
)
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
return redirect(next, { headers })
}
}
// return the user to an error page with instructions
return redirect('/auth/auth-code-error', { headers })
}
Create a new route in your express app and populate with the following:
// The client you created from the Server-Side Auth instructions
const { createClient } = require("./lib/supabase")
...
app.get("/auth/confirm", async function (req, res) {
const token_hash = req.query.token_hash
const type = req.query.type
const next = req.query.next ?? "/"
if (token_hash && type) {
const supabase = createClient({ req, res })
const { error } = await supabase.auth.verifyOtp({
type,
token_hash,
})
if (!error) {
res.redirect(303, `/${next.slice(1)}`)
}
}
// return the user to an error page with some instructions
res.redirect(303, '/auth/auth-code-error')
})
<Tabs scrollable size="small" type="underlined" queryGroup="language"
<TabPanel id="js" label="JavaScript">
async function resetPassword() {
const { data, error } = await supabase.auth.resetPasswordForEmail(email)
}
try await supabase.auth.resetPasswordForEmail("[email protected]")
supabase.gotrue.sendRecoveryEmail(
email = "[email protected]",
)
supabase.auth.reset_password_email('[email protected]')
await supabase.auth.resetPasswordForEmail('[email protected]');
Once you have a session, collect the user's new password and call updateUser to update their password.
<Tabs scrollable size="small" type="underlined" defaultActiveId="js" queryGroup="language"
<TabPanel id="js" label="JavaScript">
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('url', 'anonKey')
// ---cut---
await supabase.auth.updateUser({ password: 'new_password' })
try await supabase.auth.updateUser(user: UserAttributes(password: newPassword))
supabase.auth.updateUser {
password = "new_password"
}
supabase.auth.update_user({'password': 'new_password'})
final UserResponse res = await supabase.auth.updateUser(
UserAttributes(password: 'new_password'),
);
The signup confirmation and password reset flows require an SMTP server to send emails.
The Supabase platform comes with a default email-sending service for you to try out. The service has a rate limit of <SharedData data="config">auth.rate_limits.email.inbuilt_smtp_per_hour.value</SharedData> emails per hour, and availability is on a best-effort basis. For production use, you should consider configuring a custom SMTP server.
<Admonition type="tip">Consider configuring a custom SMTP server for production.
</Admonition>See the Custom SMTP guide for instructions.
You can test email flows on your local machine. The Supabase CLI automatically captures emails sent locally by using Mailpit.
In your terminal, run supabase status to get the Mailpit URL. Go to this URL in your browser, and follow the instructions to find your emails.
You can use a user's mobile phone number as an identifier, instead of an email address, when they sign up with a password.
This practice is usually discouraged because phone networks recycle mobile phone numbers. Anyone receiving a recycled phone number gets access to the original user's account. To mitigate this risk, implement MFA.
<Admonition type="danger">Protect users who use a phone number as a password-based auth identifier by enabling MFA.
</Admonition>Enable phone authentication on the Auth Providers page for hosted Supabase projects.
For self-hosted projects or local development, use the configuration file. See the configuration variables namespaced under auth.sms.
If you want users to confirm their phone number on signup, you need to set up an SMS provider. Each provider has its own configuration. Supported providers include MessageBird, Twilio, Vonage, and TextLocal (community-supported).
<AuthSmsProviderConfig />To sign up the user, call signUp() with their phone number and password:
<Tabs scrollable size="small" type="underlined" defaultActiveId="js" queryGroup="language"
<TabPanel id="js" label="JavaScript">
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
// ---cut---
const { data, error } = await supabase.auth.signUp({
phone: '+13334445555',
password: 'some-password',
})
try await supabase.auth.signUp(
phone: "+13334445555",
password: "some-password"
)
supabase.auth.signUpWith(Phone) {
phone = "+13334445555"
password = "some-password"
}
supabase.auth.sign_up({
'phone': "+13334445555",
'password': "some-password"
})
final AuthResponse res = await supabase.auth.signUp(
phone: '+13334445555',
password: 'some-password',
);
curl -X POST 'https://cvwawazfelidkloqmbma.supabase.co/auth/v1/signup' \
-H "apikey: SUPABASE_KEY" \
-H "Content-Type: application/json" \
-d '{
"phone": "+13334445555",
"password": "some-password"
}'
If you have phone verification turned on, the user receives an SMS with a 6-digit pin that you must verify within 60 seconds:
<Tabs scrollable size="small" type="underlined" defaultActiveId="js" queryGroup="language"
<TabPanel id="js" label="JavaScript">
You should present a form to the user so they can input the 6 digit pin, then send it along with the phone number to verifyOtp:
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
// ---cut---
const {
data: { session },
error,
} = await supabase.auth.verifyOtp({
phone: '+13334445555',
token: '123456',
type: 'sms',
})
You should present a form to the user so they can input the 6 digit pin, then send it along with the phone number to verifyOTP:
try await supabase.auth.verifyOTP(
phone: "+13334445555",
token: "123456",
type: .sms
)
You should present a form to the user so they can input the 6 digit pin, then send it along with the phone number to verifyPhoneOtp:
supabase.auth.verifyPhoneOtp(
type = OtpType.Phone.SMS,
phone = "+13334445555",
token = "123456"
)
You should present a form to the user so they can input the 6 digit pin, then send it along with the phone number to verify_otp:
supabase.auth.verify_otp({
'phone': "+13334445555",
'token': "123456",
'type': "sms"
})
You should present a form to the user so they can input the 6 digit pin, then send it along with the phone number to verifyOTP:
final AuthResponse res = await supabase.auth.verifyOTP(
phone: '+13334445555',
token: '123456',
type: OtpType.sms,
);
curl -X POST 'https://<PROJECT_REF>.supabase.co/auth/v1/verify' \
-H "apikey: <SUPABASE_KEY>" \
-H "Content-Type: application/json" \
-d '{
"type": "sms",
"phone": "+13334445555",
"token": "123456"
}'
Call the function to sign in with the user's phone number and password:
<Tabs scrollable size="small" type="underlined" defaultActiveId="js" queryGroup="language"
<TabPanel id="js" label="JavaScript">
import { createClient } from '@supabase/supabase-js'
const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
// ---cut---
const { data, error } = await supabase.auth.signInWithPassword({
phone: '+13334445555',
password: 'some-password',
})
try await supabase.auth.signIn(
phone: "+13334445555",
password: "some-password"
)
supabase.auth.signInWith(Phone) {
phone = "+13334445555"
password = "some-password"
}
supabase.auth.sign_in_with_password({
'phone': "+13334445555",
'password': "some-password"
})
final AuthResponse res = await supabase.auth.signInWithPassword(
phone: '+13334445555',
password: 'some-password',
);
curl -X POST 'https://cvwawazfelidkloqmbma.supabase.co/auth/v1/token?grant_type=password' \
-H "apikey: SUPABASE_KEY" \
-H "Content-Type: application/json" \
-d '{
"phone": "+13334445555",
"password": "some-password"
}'