Creator
Edit

Supabase OTP

This guide explains how to configure Supabase to send OTP tokens instead of magic links for email authentication.

🚨 Issue: Receiving Magic Links Instead of OTP Codes

When you request an email OTP, Supabase sends a magic link instead of a 6-digit OTP code. This happens because the default configuration prioritizes magic links over OTP codes.

πŸ”§ Solution: Configure Supabase Project Settings

Step 1: Access Supabase Dashboard

  1. Go to https://supabase.com/dashboard

  2. Select your project.

  3. Navigate to Authentication β†’ Settings

Step 2: Configure Email Auth Settings

In the Auth Settings section:

  1. Find "Email OTP" Settings:

    • Look for "Email OTP" configuration

    • Enable "Email OTP" if it's disabled

  2. Disable Magic Links (if needed):

    • Look for "Magic Link" settings

    • Consider disabling magic links to force OTP usage

  3. Email Template Settings:

    • Go to Authentication β†’ Email Templates

    • Select "Magic Link" template

    • Change the template type or configure it for OTP

Step 3: Alternative Approach - Use Explicit OTP Configuration

πŸ“§ Email Template Configuration

Configure Email OTP Template

  1. Go to Authentication β†’ Email Templates

  2. Select "Magic Link" or find "OTP" template

  3. Ensure the template contains {{ .Token }} instead of {{ .ConfirmationURL }}

Example OTP email template:

πŸ” Troubleshooting

Check Current Configuration

Run this test to see what type of email you're receiving:

If Still Receiving Magic Links

  1. Check Email Templates: Verify the template uses {{ .Token }} not {{ .ConfirmationURL }}

  2. Project Settings: Ensure OTP is enabled in Auth settings

  3. Cache: Clear browser cache and try again

  4. Different Email: Try with a different email address

Alternative Solution: Use Phone OTP

If email OTP continues to send magic links, use phone OTP instead:

πŸ§ͺ Testing After Configuration

Test Email OTP:

πŸ“± Enable SMS OTP (Optional)

If you want phone OTP:

  1. Go to Authentication β†’ Settings

  2. Find "Phone Auth" section

  3. Configure your SMS provider (Twilio, MessageBird, etc.)

  4. Enable phone authentication

πŸ”§ Code-Level Fix (If Dashboard Doesn't Work)

If the dashboard configuration doesn't work, we can try a different approach in the code:

πŸ“ž Need Help?

If you're still receiving magic links after following these steps:

  1. Check your Supabase project's Auth settings carefully

  2. Try creating a new test project to verify OTP behavior

  3. Contact Supabase support if the issue persists

  4. Consider using phone OTP as an alternative

βœ… Expected Behavior After Fix

After proper configuration:

  • Email OTP: You'll receive a 6-digit code like 123456

  • Response: API returns success message about OTP being sent

  • Verification: Use the 6-digit code to verify and get JWT tokens

The key is ensuring your Supabase project is configured to prioritize OTP codes over magic links in the authentication flow.

PreviousAuth0NextWrangler

Last updated