Authentication and user management against Supabase Auth.
Supports password, OAuth, OTP, SSO, ID-token, Web3 and anonymous sign-in,
user retrieval and sign-up, the full session/identity lifecycle
(verify-otp, refresh-session, update-user, resend,
reset-password-for-email, exchange-code-for-session, reauthenticate,
get-claims, identity linking) and server observability
(get-server-health, get-server-settings).
See supabase.auth.admin for the service-role admin API.
(require '[supabase.core.client :as client]
'[supabase.auth :as auth])
(def c (client/make-client "https://abc.supabase.co" "anon-key"))
(auth/sign-up c {:email "user@example.com" :password "secure-password"})
(auth/sign-in-with-password c {:email "user@example.com" :password "secure-password"})
Each function returns {:status :body :headers} on success or an anomaly
map on failure. See https://supabase.com/docs/reference/javascript/auth-api
Authentication and user management against Supabase Auth.
Supports password, OAuth, OTP, SSO, ID-token, Web3 and anonymous sign-in,
user retrieval and sign-up, the full session/identity lifecycle
(`verify-otp`, `refresh-session`, `update-user`, `resend`,
`reset-password-for-email`, `exchange-code-for-session`, `reauthenticate`,
`get-claims`, identity linking) and server observability
(`get-server-health`, `get-server-settings`).
See `supabase.auth.admin` for the service-role admin API.
## Example
(require '[supabase.core.client :as client]
'[supabase.auth :as auth])
(def c (client/make-client "https://abc.supabase.co" "anon-key"))
(auth/sign-up c {:email "user@example.com" :password "secure-password"})
(auth/sign-in-with-password c {:email "user@example.com" :password "secure-password"})
Each function returns `{:status :body :headers}` on success or an anomaly
map on failure. See https://supabase.com/docs/reference/javascript/auth-apiServer-side admin operations against the Supabase Auth API.
Every function here requires a client configured with the project's
service-role key (not the anon key) as its access token — these
endpoints bypass Row-Level Security and must never be exposed to a browser.
(require '[supabase.core.client :as client]
'[supabase.auth.admin :as admin])
(def c (client/make-client "https://abc.supabase.co" "service-role-key"))
(admin/create-user c {:email "user@example.com" :password "secret"
:email-confirm true})
(admin/list-users c {:page 1 :per-page 50})
Each function returns {:status :body :headers} on success or an anomaly
map on failure. See https://supabase.com/docs/reference/javascript/auth-admin-api
Server-side admin operations against the Supabase Auth API.
Every function here requires a `client` configured with the project's
**service-role** key (not the anon key) as its access token — these
endpoints bypass Row-Level Security and must never be exposed to a browser.
## Example
(require '[supabase.core.client :as client]
'[supabase.auth.admin :as admin])
(def c (client/make-client "https://abc.supabase.co" "service-role-key"))
(admin/create-user c {:email "user@example.com" :password "secret"
:email-confirm true})
(admin/list-users c {:page 1 :per-page 50})
Each function returns `{:status :body :headers}` on success or an anomaly
map on failure. See https://supabase.com/docs/reference/javascript/auth-admin-apiLocal JWT decoding and asymmetric signature verification for Supabase Auth.
Supabase issues JWTs signed with either a symmetric secret (HS256, the
legacy default — not verifiable client-side) or an asymmetric key
(RS256 / ES256). For asymmetric algorithms the public keys are
published at <auth-url>/.well-known/jwks.json; this namespace fetches
and caches that JWKS and verifies signatures using the JDK's built-in
crypto, with no third-party dependency.
Callers should use supabase.auth/get-claims rather than these helpers
directly.
Local JWT decoding and asymmetric signature verification for Supabase Auth. Supabase issues JWTs signed with either a symmetric secret (`HS256`, the legacy default — not verifiable client-side) or an asymmetric key (`RS256` / `ES256`). For asymmetric algorithms the public keys are published at `<auth-url>/.well-known/jwks.json`; this namespace fetches and caches that JWKS and verifies signatures using the JDK's built-in crypto, with no third-party dependency. Callers should use [[supabase.auth/get-claims]] rather than these helpers directly.
Multi-factor authentication against Supabase Auth.
Supports TOTP (authenticator apps), phone (SMS / WhatsApp) and WebAuthn
factors. Every function acts on behalf of the signed-in user identified
by access-token — the JWT from an active session.
The usual TOTP flow:
(require '[supabase.auth.mfa :as mfa])
;; 1. enroll — body carries the QR code / secret to show the user
(mfa/enroll client token {:factor-type "totp" :friendly-name "authenticator"})
;; 2. user scans the QR and types the 6-digit code
(mfa/challenge-and-verify client token factor-id "123456")
Phone and WebAuthn factors need the explicit challenge + verify
round-trip since the response arrives out of band.
Each function returns {:status :body :headers} on success or an anomaly
map on failure. See https://supabase.com/docs/guides/auth/auth-mfa
Multi-factor authentication against Supabase Auth.
Supports TOTP (authenticator apps), phone (SMS / WhatsApp) and WebAuthn
factors. Every function acts on behalf of the signed-in user identified
by `access-token` — the JWT from an active session.
The usual TOTP flow:
(require '[supabase.auth.mfa :as mfa])
;; 1. enroll — body carries the QR code / secret to show the user
(mfa/enroll client token {:factor-type "totp" :friendly-name "authenticator"})
;; 2. user scans the QR and types the 6-digit code
(mfa/challenge-and-verify client token factor-id "123456")
Phone and WebAuthn factors need the explicit `challenge` + `verify`
round-trip since the response arrives out of band.
Each function returns `{:status :body :headers}` on success or an anomaly
map on failure. See https://supabase.com/docs/guides/auth/auth-mfaMalli schemas for Supabase Auth entities and operations.
Used internally to validate API responses and operation inputs. Schemas follow the Supabase Auth API specification: https://supabase.com/docs/reference/javascript/auth-api
Malli schemas for Supabase Auth entities and operations. Used internally to validate API responses and operation inputs. Schemas follow the Supabase Auth API specification: https://supabase.com/docs/reference/javascript/auth-api
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |