Verify and log in through OTP
Log in a user given a User supplied OTP or TokenHash received through mobile or email.
- The
verifyOtpmethod takes in different verification types. If a phone number is used, the type can either besmsorphone_change. If an email address is used, the type can be one of the following:email,recovery,inviteoremail_change(signupandmagiclinktypes are deprecated). - The verification type used should be determined based on the corresponding auth method called before
verifyOtpto sign up / sign-in a user. - The
TokenHashis contained in the email templates and can be used to sign in. You may wish to use the hash with Magic Links for the PKCE flow for Server Side Auth. See this guide for more details.
Parameters
params
REQUIRED
VerifyOtpParamsphone
Optional
stringOne of `phone`, `email`, or `token_hash` must be provided.
email
Optional
stringOne of `phone`, `email`, or `token_hash` must be provided.
token_hash
Optional
stringThe token hash from the user's email link. One of `phone`, `email`, or `token_hash` must be provided.
type
REQUIRED
sms | phone_change | signup | invite | magiclink | recovery | email_change | emailtoken
Optional
stringThe OTP sent to the user. Required if using `phone` or `email`.
options
Optional
objectredirectTo
Optional
stringA URL to redirect the user to after they are confirmed. Must be in your configured redirect URLs.
captchaToken
Optional
stringDeprecated.
const { data, error } = await supabase.auth.verifyOtp({ email, token, type: 'email'})