signIn()
Log in an existing user, or login via a third-party provider.
const { user, session, error } = await supabase.auth.signIn({
email: 'example@email.com',
password: 'example-password',
})
Parameters
__namedParametersrequired
UserCredentialsNo description provided.
optionsrequired
objectNo description provided.
captchaTokenoptional
stringNo description provided.
queryParamsoptional
objectNo description provided.
redirectTooptional
stringNo description provided.
scopesoptional
stringNo description provided.
shouldCreateUseroptional
booleanNo description provided.
Properties
Notes
- A user can sign up either via email or OAuth.
- If you provide
emailwithout apassword, the user will be sent a magic link. - The magic link's destination URL is determined by the SITE_URL config variable. To change this, you can go to Authentication -> Settings on app.supabase.com
- Specifying a
providerwill open the browser to the relevant login page.
Examples
Sign in with email.
const { user, session, error } = await supabase.auth.signIn({
email: 'example@email.com',
password: 'example-password',
})
Sign in with magic link.
If no password is provided, the user will be sent a "magic link" to their email address, which they can click to open your application with a valid session. By default, a given user can only request a Magic Link once every 60 seconds.
const { user, session, error } = await supabase.auth.signIn({
email: 'example@email.com'
})
Sign in using third-party providers.
Supabase supports many different third-party providers.
const { user, session, error } = await supabase.auth.signIn({
// provider can be 'github', 'google', 'gitlab', and more
provider: 'github'
})
Sign in with Phone.
Supabase supports Phone Auth.
const { user, session, error } = await supabase.auth.signIn({
phone: '+13334445555',
password: 'some-password',
})
Sign in with redirect.
Note that the redirectTo param is only relevant for OAuth logins, where the login flow is managed by
the Auth server. If you are using email/phone logins you should set up your own redirects (within the email/sms template).
Sometimes you want to control where the user is redirected to after they are logged in. Supabase supports this for any URL path on your website (the URL must either be on the same domain as your Site URL [see Auth>Settings in dashboard], or must match one of the Additional Redirect URLs [also in Auth>Settings]).
const { user, session, error } = await supabase.auth.signIn({
provider: 'github'
}, {
redirectTo: 'https://example.com/welcome'
})
Sign in with scopes.
If you need additional data from an OAuth provider, you can include a space-separated list of scopes in your request to get back an OAuth provider token. You may also need to specify the scopes in the provider's OAuth app settings, depending on the provider.
const { user, session, error } = await supabase.auth.signIn({
provider: 'github'
}, {
scopes: 'repo gist notifications'
})
const oAuthToken = session.provider_token // use to access provider API
Sign in using a refresh token (e.g. in React Native).
If you are completing a sign up or login in a React Native app you can pass the refresh token obtained from the provider to obtain a session.
// An example using Expo's `AuthSession`
const redirectUri = AuthSession.makeRedirectUri({ useProxy: false });
const provider = 'google';
AuthSession.startAsync({
authUrl: `https://MYSUPABASEAPP.supabase.co/auth/v1/authorize?provider=${provider}&redirect_to=${redirectUri}`,
returnUrl: redirectUri,
}).then(async (response: any) => {
if (!response) return;
const { user, session, error } = await supabase.auth.signIn({
refreshToken: response.params?.refresh_token,
});
});