Options
All
  • Public
  • Public/Protected
  • All
Menu

@supabase/auth-js

Index

Classes

Interfaces

Type Aliases

Variables

Functions

Type Aliases

AuthChangeEvent

AuthChangeEvent: "INITIAL_SESSION" | "PASSWORD_RECOVERY" | "SIGNED_IN" | "SIGNED_OUT" | "TOKEN_REFRESHED" | "USER_UPDATED" | AuthChangeEventMFA

AuthChangeEventMFA

AuthChangeEventMFA: "MFA_CHALLENGE_VERIFIED"

AuthFlowType

AuthFlowType: "implicit" | "pkce"

AuthMFAAdminDeleteFactorParams

AuthMFAAdminDeleteFactorParams: { id: string; userId: string }
expermental

Type declaration

  • id: string

    ID of the MFA factor to delete.

  • userId: string

    ID of the user whose factor is being deleted.

AuthMFAAdminDeleteFactorResponse

AuthMFAAdminDeleteFactorResponse: { data: { id: string }; error: null } | { data: null; error: AuthError }
expermental

AuthMFAAdminListFactorsParams

AuthMFAAdminListFactorsParams: { userId: string }
expermental

Type declaration

  • userId: string

    ID of the user.

AuthMFAAdminListFactorsResponse

AuthMFAAdminListFactorsResponse: { data: { factors: Factor[] }; error: null } | { data: null; error: AuthError }
expermental

AuthMFAChallengeResponse

AuthMFAChallengeResponse: { data: { expires_at: number; id: string; type: "totp" | "phone" }; error: null } | { data: null; error: AuthError }

AuthMFAEnrollPhoneResponse

AuthMFAEnrollPhoneResponse: { data: { friendly_name?: string; id: string; phone: string; type: "phone" }; error: null } | { data: null; error: AuthError }

AuthMFAEnrollResponse

AuthMFAEnrollResponse: AuthMFAEnrollTOTPResponse | AuthMFAEnrollPhoneResponse

AuthMFAEnrollTOTPResponse

AuthMFAEnrollTOTPResponse: { data: { friendly_name?: string; id: string; totp: { qr_code: string; secret: string; uri: string }; type: "totp" }; error: null } | { data: null; error: AuthError }

AuthMFAGetAuthenticatorAssuranceLevelResponse

AuthMFAGetAuthenticatorAssuranceLevelResponse: { data: { currentAuthenticationMethods: AMREntry[]; currentLevel: AuthenticatorAssuranceLevels | null; nextLevel: AuthenticatorAssuranceLevels | null }; error: null } | { data: null; error: AuthError }

AuthMFAListFactorsResponse

AuthMFAListFactorsResponse: { data: { all: Factor[]; phone: Factor[]; totp: Factor[] }; error: null } | { data: null; error: AuthError }

AuthMFAUnenrollResponse

AuthMFAUnenrollResponse: { data: { id: string }; error: null } | { data: null; error: AuthError }

AuthMFAVerifyResponse

AuthMFAVerifyResponse: { data: { access_token: string; expires_in: number; refresh_token: string; token_type: string; user: User }; error: null } | { data: null; error: AuthError }

AuthOtpResponse

AuthOtpResponse: { data: { messageId?: string | null; session: null; user: null }; error: null } | { data: { messageId?: string | null; session: null; user: null }; error: AuthError }

AuthOtpResponse is returned when OTP is used.

{@see AuthResponse}

AuthResponse

AuthResponse: { data: { session: Session | null; user: User | null }; error: null } | { data: { session: null; user: null }; error: AuthError }

AuthResponsePassword

AuthResponsePassword: { data: { session: Session | null; user: User | null; weak_password?: WeakPassword | null }; error: null } | { data: { session: null; user: null }; error: AuthError }

AuthTokenResponse

AuthTokenResponse: { data: { session: Session; user: User }; error: null } | { data: { session: null; user: null }; error: AuthError }

AuthTokenResponsePassword

AuthTokenResponsePassword: { data: { session: Session; user: User; weakPassword?: WeakPassword }; error: null } | { data: { session: null; user: null; weakPassword?: null }; error: AuthError }

AuthenticatorAssuranceLevels

AuthenticatorAssuranceLevels: "aal1" | "aal2"

CallRefreshTokenResult

CallRefreshTokenResult: { error: null; session: Session } | { error: AuthError; session: null }

EmailOtpType

EmailOtpType: "signup" | "invite" | "magiclink" | "recovery" | "email_change" | "email"

GenerateEmailChangeLinkParams

GenerateEmailChangeLinkParams: { email: string; newEmail: string; options?: Pick<GenerateLinkOptions, "redirectTo">; type: "email_change_current" | "email_change_new" }

Type declaration

  • email: string

    The user's email

  • newEmail: string

    The user's new email. Only required if type is 'email_change_current' or 'email_change_new'.

  • Optional options?: Pick<GenerateLinkOptions, "redirectTo">
  • type: "email_change_current" | "email_change_new"

GenerateInviteOrMagiclinkParams

GenerateInviteOrMagiclinkParams: { email: string; options?: Pick<GenerateLinkOptions, "data" | "redirectTo">; type: "invite" | "magiclink" }

Type declaration

  • email: string

    The user's email

  • Optional options?: Pick<GenerateLinkOptions, "data" | "redirectTo">
  • type: "invite" | "magiclink"

GenerateLinkParams

GenerateLinkParams: GenerateSignupLinkParams | GenerateInviteOrMagiclinkParams | GenerateRecoveryLinkParams | GenerateEmailChangeLinkParams

GenerateLinkProperties

GenerateLinkProperties: { action_link: string; email_otp: string; hashed_token: string; redirect_to: string; verification_type: GenerateLinkType }

The properties related to the email link generated

Type declaration

  • action_link: string

    The email link to send to the user. The action_link follows the following format: auth/v1/verify?type={verification_type}&token={hashed_token}&redirect_to={redirect_to}

  • email_otp: string

    The raw email OTP. You should send this in the email if you want your users to verify using an OTP instead of the action link.

  • hashed_token: string

    The hashed token appended to the action link.

  • redirect_to: string

    The URL appended to the action link.

  • verification_type: GenerateLinkType

    The verification type that the email link is associated to.

GenerateLinkResponse

GenerateLinkResponse: { data: { properties: GenerateLinkProperties; user: User }; error: null } | { data: { properties: null; user: null }; error: AuthError }

GenerateLinkType

GenerateLinkType: "signup" | "invite" | "magiclink" | "recovery" | "email_change_current" | "email_change_new"

GenerateRecoveryLinkParams

GenerateRecoveryLinkParams: { email: string; options?: Pick<GenerateLinkOptions, "redirectTo">; type: "recovery" }

Type declaration

  • email: string

    The user's email

  • Optional options?: Pick<GenerateLinkOptions, "redirectTo">
  • type: "recovery"

GenerateSignupLinkParams

GenerateSignupLinkParams: { email: string; options?: Pick<GenerateLinkOptions, "data" | "redirectTo">; password: string; type: "signup" }

Type declaration

  • email: string
  • Optional options?: Pick<GenerateLinkOptions, "data" | "redirectTo">
  • password: string
  • type: "signup"

GoTrueClientOptions

GoTrueClientOptions: { autoRefreshToken?: boolean; debug?: boolean | ((message: string, ...args: any[]) => void); detectSessionInUrl?: boolean; fetch?: Fetch; flowType?: AuthFlowType; hasCustomAuthorizationHeader?: boolean; headers?: {}; lock?: LockFunc; persistSession?: boolean; storage?: SupportedStorage; storageKey?: string; url?: string }

Type declaration

  • Optional autoRefreshToken?: boolean
  • Optional debug?: boolean | ((message: string, ...args: any[]) => void)
  • Optional detectSessionInUrl?: boolean
  • Optional fetch?: Fetch
  • Optional flowType?: AuthFlowType
  • Optional hasCustomAuthorizationHeader?: boolean

    Set to "true" if there is a custom authorization header set globally.

    experimental
  • Optional headers?: {}
    • [key: string]: string
  • Optional lock?: LockFunc

    Provide your own locking mechanism based on the environment. By default no locking is done at this time.

    experimental
  • Optional persistSession?: boolean
  • Optional storage?: SupportedStorage
  • Optional storageKey?: string
  • Optional url?: string

InitializeResult

InitializeResult: { error: AuthError | null }

Type declaration

JwtHeader

JwtHeader: { alg: "RS256" | "ES256" | "HS256"; kid: string; typ: string }

Type declaration

  • alg: "RS256" | "ES256" | "HS256"
  • kid: string
  • typ: string

JwtPayload

JwtPayload: RequiredClaims & {}

LockFunc

LockFunc: (<R>(name: string, acquireTimeout: number, fn: (() => Promise<R>)) => Promise<R>)

Type declaration

    • <R>(name: string, acquireTimeout: number, fn: (() => Promise<R>)): Promise<R>

    • Provide your own global lock implementation instead of the default implementation. The function should acquire a lock for the duration of the fn async function, such that no other client instances will be able to hold it at the same time.

      experimental

      Type Parameters

      • R

      Parameters

      • name: string

        Name of the lock to be acquired.

      • acquireTimeout: number

        If negative, no timeout should occur. If positive it should throw an Error with an isAcquireTimeout property set to true if the operation fails to be acquired after this much time (ms).

      • fn: (() => Promise<R>)

        The operation to execute when the lock is acquired.

          • (): Promise<R>

          • Returns Promise<R>

      Returns Promise<R>

MFAChallengeAndVerifyParams

MFAChallengeAndVerifyParams: { code: string; factorId: string }

Type declaration

  • code: string

    Verification code provided by the user.

  • factorId: string

    ID of the factor being verified. Returned in enroll().

MFAChallengeParams

MFAChallengeParams: { channel?: "sms" | "whatsapp"; factorId: string }

Type declaration

  • Optional channel?: "sms" | "whatsapp"

    Messaging channel to use (e.g. whatsapp or sms). Only relevant for phone factors

  • factorId: string

    ID of the factor to be challenged. Returned in enroll().

MFAEnrollParams

MFAEnrollParams: MFAEnrollTOTPParams | MFAEnrollPhoneParams

MFAEnrollPhoneParams

MFAEnrollPhoneParams: { factorType: "phone"; friendlyName?: string; phone: string }

Type declaration

  • factorType: "phone"

    The type of factor being enrolled.

  • Optional friendlyName?: string

    Human readable name assigned to the factor.

  • phone: string

    Phone number associated with a factor. Number should conform to E.164 format

MFAEnrollTOTPParams

MFAEnrollTOTPParams: { factorType: "totp"; friendlyName?: string; issuer?: string }

Type declaration

  • factorType: "totp"

    The type of factor being enrolled.

  • Optional friendlyName?: string

    Human readable name assigned to the factor.

  • Optional issuer?: string

    Domain which the user is enrolled with.

MFAUnenrollParams

MFAUnenrollParams: { factorId: string }

Type declaration

  • factorId: string

    ID of the factor being unenrolled.

MFAVerifyParams

MFAVerifyParams: { challengeId: string; code: string; factorId: string }

Type declaration

  • challengeId: string

    ID of the challenge being verified. Returned in challenge().

  • code: string

    Verification code provided by the user.

  • factorId: string

    ID of the factor being verified. Returned in enroll().

MobileOtpType

MobileOtpType: "sms" | "phone_change"

OAuthResponse

OAuthResponse: { data: { provider: Provider; url: string }; error: null } | { data: { provider: Provider; url: null }; error: AuthError }

PageParams

PageParams: { page?: number; perPage?: number }

Type declaration

  • Optional page?: number

    The page number

  • Optional perPage?: number

    Number of items returned per page

Pagination

Pagination: { lastPage: number; nextPage: number | null; total: number }

Type declaration

  • [key: string]: any
  • lastPage: number
  • nextPage: number | null
  • total: number

Provider

Provider: "apple" | "azure" | "bitbucket" | "discord" | "facebook" | "figma" | "github" | "gitlab" | "google" | "kakao" | "keycloak" | "linkedin" | "linkedin_oidc" | "notion" | "slack" | "slack_oidc" | "spotify" | "twitch" | "twitter" | "workos" | "zoom" | "fly"

One of the providers supported by GoTrue.

RequiredClaims

RequiredClaims: { aal: AuthenticatorAssuranceLevels; aud: string | string[]; exp: number; iat: number; iss: string; role: string; session_id: string; sub: string }

Type declaration

ResendParams

ResendParams: { email: string; options?: { captchaToken?: string; emailRedirectTo?: string }; type: Extract<EmailOtpType, "signup" | "email_change"> } | { options?: { captchaToken?: string }; phone: string; type: Extract<MobileOtpType, "sms" | "phone_change"> }

SSOResponse

SSOResponse: { data: { url: string }; error: null } | { data: null; error: AuthError }

SignInAnonymouslyCredentials

SignInAnonymouslyCredentials: { options?: { captchaToken?: string; data?: object } }

Type declaration

  • Optional options?: { captchaToken?: string; data?: object }
    • Optional captchaToken?: string

      Verification token received when the user completes the captcha on the site.

    • Optional data?: object

      A custom data object to store the user's metadata. This maps to the auth.users.raw_user_meta_data column.

      The data should be a JSON object that includes user-specific info, such as their first and last name.

SignInWithIdTokenCredentials

SignInWithIdTokenCredentials: { access_token?: string; nonce?: string; options?: { captchaToken?: string }; provider: "google" | "apple" | "azure" | "facebook" | "kakao" | string & {}; token: string }

Type declaration

  • Optional access_token?: string

    If the ID token contains an at_hash claim, then the hash of this value is compared to the value in the ID token.

  • Optional nonce?: string

    If the ID token contains a nonce claim, then the hash of this value is compared to the value in the ID token.

  • Optional options?: { captchaToken?: string }
    • Optional captchaToken?: string

      Verification token received when the user completes the captcha on the site.

  • provider: "google" | "apple" | "azure" | "facebook" | "kakao" | string & {}

    Provider name or OIDC iss value identifying which provider should be used to verify the provided token. Supported names: google, apple, azure, facebook, kakao, keycloak (deprecated).

  • token: string

    OIDC ID token issued by the specified provider. The iss claim in the ID token must match the supplied provider. Some ID tokens contain an at_hash which require that you provide an access_token value to be accepted properly. If the token contains a nonce claim you must supply the nonce used to obtain the ID token.

SignInWithOAuthCredentials

SignInWithOAuthCredentials: { options?: { queryParams?: {}; redirectTo?: string; scopes?: string; skipBrowserRedirect?: boolean }; provider: Provider }

Type declaration

  • Optional options?: { queryParams?: {}; redirectTo?: string; scopes?: string; skipBrowserRedirect?: boolean }
    • Optional queryParams?: {}

      An object of query params

      • [key: string]: string
    • Optional redirectTo?: string

      A URL to send the user to after they are confirmed.

    • Optional scopes?: string

      A space-separated list of scopes granted to the OAuth application.

    • Optional skipBrowserRedirect?: boolean

      If set to true does not immediately redirect the current browser context to visit the OAuth authorization page for the provider.

  • provider: Provider

    One of the providers supported by GoTrue.

SignInWithPasswordCredentials

SignInWithPasswordCredentials: { email: string; options?: { captchaToken?: string }; password: string } | { options?: { captchaToken?: string }; password: string; phone: string }

SignInWithPasswordlessCredentials

SignInWithPasswordlessCredentials: { email: string; options?: { captchaToken?: string; data?: object; emailRedirectTo?: string; shouldCreateUser?: boolean } } | { options?: { captchaToken?: string; channel?: "sms" | "whatsapp"; data?: object; shouldCreateUser?: boolean }; phone: string }

SignInWithSSO

SignInWithSSO: { options?: { captchaToken?: string; redirectTo?: string }; providerId: string } | { domain: string; options?: { captchaToken?: string; redirectTo?: string } }

SignOut

SignOut: { scope?: "global" | "local" | "others" }

Type declaration

  • Optional scope?: "global" | "local" | "others"

    Determines which sessions should be logged out. Global means all sessions by this account. Local means only this session. Others means all other sessions except the current one. When using others, there is no sign-out event fired on the current session!

SignUpWithPasswordCredentials

SignUpWithPasswordCredentials: { email: string; options?: { captchaToken?: string; data?: object; emailRedirectTo?: string }; password: string } | { options?: { captchaToken?: string; channel?: "sms" | "whatsapp"; data?: object }; password: string; phone: string }

SupportedStorage

SupportedStorage: PromisifyMethods<Pick<Storage, "getItem" | "setItem" | "removeItem">> & { isServer?: boolean }

UserResponse

UserResponse: { data: { user: User }; error: null } | { data: { user: null }; error: AuthError }

VerifyOtpParams

VerifyOtpParams: VerifyMobileOtpParams | VerifyEmailOtpParams | VerifyTokenHashParams

WeakPassword

WeakPassword: { message: string; reasons: WeakPasswordReasons[] }

Type declaration

WeakPasswordReasons

WeakPasswordReasons: "length" | "characters" | "pwned" | string & {}

Variables

Const AuthAdminApi

AuthAdminApi: typeof GoTrueAdminApi = GoTrueAdminApi

Const AuthClient

AuthClient: typeof GoTrueClient = GoTrueClient

Const lockInternals

lockInternals: { debug: boolean } = ...
experimental

Type declaration

  • debug: boolean
    experimental

Functions

isAuthApiError

isAuthError

  • isAuthError(error: unknown): error is AuthError

isAuthImplicitGrantRedirectError

isAuthRetryableFetchError

isAuthSessionMissingError

isAuthWeakPasswordError

navigatorLock

  • navigatorLock<R>(name: string, acquireTimeout: number, fn: (() => Promise<R>)): Promise<R>

  • Implements a global exclusive lock using the Navigator LockManager API. It is available on all browsers released after 2022-03-15 with Safari being the last one to release support. If the API is not available, this function will throw. Make sure you check availablility before configuring GoTrueClient.

    You can turn on debugging by setting the supabase.gotrue-js.locks.debug local storage item to true.

    Internals:

    Since the LockManager API does not preserve stack traces for the async function passed in the request method, a trick is used where acquiring the lock releases a previously started promise to run the operation in the fn function. The lock waits for that promise to finish (with or without error), while the function will finally wait for the result anyway.

    Type Parameters

    • R

    Parameters

    • name: string

      Name of the lock to be acquired.

    • acquireTimeout: number

      If negative, no timeout. If 0 an error is thrown if the lock can't be acquired without waiting. If positive, the lock acquire will time out after so many milliseconds. An error is a timeout if it has isAcquireTimeout set to true.

    • fn: (() => Promise<R>)

      The operation to run once the lock is acquired.

        • (): Promise<R>

        • Returns Promise<R>

    Returns Promise<R>

Generated using TypeDoc