signIn()

Log in an existing user, or login via a third-party provider.

1const { user, session, error } = await supabase.auth.signIn({
2  email: 'example@email.com',
3  password: 'example-password',
4})

Parameters#

  • UserCredentialsrequired
    object

    No description provided.

      Properties
    • emailoptional
      string

      No description provided.

    • oidcoptional
      OpenIDConnectCredentials

      No description provided.

    • passwordoptional
      string

      No description provided.

    • phoneoptional
      string

      No description provided.

    • provideroptional
      Provider

      No description provided.

    • refreshTokenoptional
      string

      No description provided.

  • optionsrequired
    object

    No description provided.

      Properties
    • captchaTokenoptional
      string

      No description provided.

    • queryParamsoptional
      object

      No description provided.

    • redirectTooptional
      string

      No description provided.

    • scopesoptional
      string

      No description provided.

    • shouldCreateUseroptional
      boolean

      No description provided.

Notes#

  • A user can sign up either via email or OAuth.
  • If you provide email without a password, the user will be sent a magic link.
  • The magic link's destination URL is determined by the SITE_URL config variable. To change this, you can go to Authentication -> Settings on app.supabase.com
  • Specifying a provider will open the browser to the relevant login page.

Examples#

Sign in with email.#

1const { user, session, error } = await supabase.auth.signIn({
2  email: 'example@email.com',
3  password: 'example-password',
4})

If no password is provided, the user will be sent a "magic link" to their email address, which they can click to open your application with a valid session. By default, a given user can only request a Magic Link once every 60 seconds.

1const { user, session, error } = await supabase.auth.signIn({
2  email: 'example@email.com'
3})

Sign in using third-party providers.#

Supabase supports many different third-party providers.

1const { user, session, error } = await supabase.auth.signIn({
2  // provider can be 'github', 'google', 'gitlab', and more
3  provider: 'github'
4})

Sign in with Phone.#

Supabase supports Phone Auth.

1const { user, session, error } = await supabase.auth.signIn({
2  phone: '+13334445555',
3  password: 'some-password',
4})

Sign in with redirect.#

Note that the redirectTo param is only relevant for OAuth logins, where the login flow is managed by the Auth server. If you are using email/phone logins you should set up your own redirects (within the email/sms template).

Sometimes you want to control where the user is redirected to after they are logged in. Supabase supports this for any URL path on your website (the URL must either be on the same domain as your Site URL [see Auth>Settings in dashboard], or must match one of the Additional Redirect URLs [also in Auth>Settings]).

1const { user, session, error } = await supabase.auth.signIn({
2  provider: 'github'
3}, {
4  redirectTo: 'https://example.com/welcome'
5})

Sign in with scopes.#

If you need additional data from an OAuth provider, you can include a space-separated list of scopes in your request to get back an OAuth provider token. You may also need to specify the scopes in the provider's OAuth app settings, depending on the provider.

1const { user, session, error } = await supabase.auth.signIn({
2  provider: 'github'
3}, {
4  scopes: 'repo gist notifications'
5})
6const oAuthToken = session.provider_token // use to access provider API

Sign in using a refresh token (e.g. in React Native).#

If you are completing a sign up or login in a React Native app you can pass the refresh token obtained from the provider to obtain a session.

1// An example using Expo's `AuthSession`
2const redirectUri = AuthSession.makeRedirectUri({ useProxy: false });
3const provider = 'google';
4
5AuthSession.startAsync({
6  authUrl: `https://MYSUPABASEAPP.supabase.co/auth/v1/authorize?provider=${provider}&redirect_to=${redirectUri}`,
7  returnUrl: redirectUri,
8}).then(async (response: any) => {
9  if (!response) return;
10  const { user, session, error } = await supabase.auth.signIn({
11    refreshToken: response.params?.refresh_token,
12  });
13});