Javascript Reference v2.0

Verify and log in through OTP

Log in a user given a User supplied OTP or TokenHash received through mobile or email.

  • The verifyOtp method takes in different verification types. If a phone number is used, the type can either be sms or phone_change. If an email address is used, the type can be one of the following: email, recovery, invite or email_change (signup and magiclink types are deprecated).
  • The verification type used should be determined based on the corresponding auth method called before verifyOtp to sign up / sign-in a user.
  • The TokenHash is contained in the email templates and can be used to sign in. You may wish to use the hash with Magic Links for the PKCE flow for Server Side Auth. See this guide for more details.

const { data, error } = await supabase.auth.verifyOtp({ phone, token, type: 'sms'})