Auth

Login With Magic Link

Magic links are a form of passwordless logins where users click on a link sent to their email address to log in to their accounts. Magic links only work with email addresses and are one-time use only. By default, a user can only request a magic link once every 60 seconds and they expire after 24 hours.

Set up Magic Link logins for your Supabase application.

  • Enable the email provider in your Supabase Project
  • Configure the Site URL and any additional redirect URLs in the authentication management tab.
  • The Site URL represents the default URL that the user will be redirected to after clicking on the email signup confirmation link.
  • If a user has not signed up yet, signing in with a magic link will automatically sign up the user. To prevent users from signing up through magic links, you can set the shouldCreateUser option to false.

When your user signs in, call signInWithOtp() with their email address:


_10
async function signInWithEmail() {
_10
const { data, error } = await supabase.auth.signInWithOtp({
_10
_10
options: {
_10
// set this to false if you do not want the user to be automatically signed up
_10
shouldCreateUser: false,
_10
emailRedirectTo: 'https://example.com/welcome',
_10
},
_10
})
_10
}

When your user signs out, call signOut() to remove them from the browser session and any objects from localStorage:


_10
async function signOut() {
_10
const { error } = await supabase.auth.signOut()
_10
}

Resources