Auth

User Management

View, delete, and export user information.


You can view your users on the Users page of the Dashboard. You can also view the contents of the Auth schema in the Table Editor.

Accessing user data via API

For security, the Auth schema is not exposed in the auto-generated API. If you want to access users data via the API, you can create your own user tables in the public schema.

Make sure to protect the table by enabling Row Level Security. Reference the auth.users table to ensure data integrity. Specify on delete cascade in the reference. For example, a public.profiles table might look like this:


_10
create table public.profiles (
_10
id uuid not null references auth.users on delete cascade,
_10
first_name text,
_10
last_name text,
_10
_10
primary key (id)
_10
);
_10
_10
alter table public.profiles enable row level security;

To update your public.profiles table every time a user signs up, set up a trigger. If the trigger fails, it could block signups, so test your code thoroughly.


_17
-- inserts a row into public.profiles
_17
create function public.handle_new_user()
_17
returns trigger
_17
language plpgsql
_17
security definer set search_path = ''
_17
as $$
_17
begin
_17
insert into public.profiles (id, first_name, last_name)
_17
values (new.id, new.raw_user_meta_data ->> 'first_name', new.raw_user_meta_data ->> 'last_name');
_17
return new;
_17
end;
_17
$$;
_17
_17
-- trigger the function every time a user is created
_17
create trigger on_auth_user_created
_17
after insert on auth.users
_17
for each row execute procedure public.handle_new_user();

Adding and retrieving user metadata

You can assign metadata to users on sign up:


_10
const { data, error } = await supabase.auth.signUp({
_10
_10
password: 'example-password',
_10
options: {
_10
data: {
_10
first_name: 'John',
_10
age: 27,
_10
},
_10
},
_10
})

User metadata is stored on the raw_user_meta_data column of the auth.users table. To view the metadata:


_10
const {
_10
data: { user },
_10
} = await supabase.auth.getUser()
_10
let metadata = user.user_metadata

Deleting users

You may delete users directly or via the management console at Authentication > Users. Note that deleting a user from the auth.users table does not automatically sign out a user. As Supabase makes use of JSON Web Tokens (JWT), a user's JWT will remain "valid" until it has expired. Should you wish to immediately revoke access for a user, do consider making use of a Row Level Security policy as described below.

Exporting users

As Supabase is built on top of Postgres, you can query the auth.users and auth.identities table via the SQL Editor tab to extract all users:


_10
select * from auth.users;

You can then export the results as CSV.