Server-side admin operations against the Supabase Auth API.
Every function here requires a client configured with the project's
service-role key (not the anon key) as its access token — these
endpoints bypass Row-Level Security and must never be exposed to a browser.
(require '[supabase.core.client :as client]
'[supabase.auth.admin :as admin])
(def c (client/make-client "https://abc.supabase.co" "service-role-key"))
(admin/create-user c {:email "user@example.com" :password "secret"
:email-confirm true})
(admin/list-users c {:page 1 :per-page 50})
Each function returns {:status :body :headers} on success or an anomaly
map on failure. See https://supabase.com/docs/reference/javascript/auth-admin-api
Server-side admin operations against the Supabase Auth API.
Every function here requires a `client` configured with the project's
**service-role** key (not the anon key) as its access token — these
endpoints bypass Row-Level Security and must never be exposed to a browser.
## Example
(require '[supabase.core.client :as client]
'[supabase.auth.admin :as admin])
(def c (client/make-client "https://abc.supabase.co" "service-role-key"))
(admin/create-user c {:email "user@example.com" :password "secret"
:email-confirm true})
(admin/list-users c {:page 1 :per-page 50})
Each function returns `{:status :body :headers}` on success or an anomaly
map on failure. See https://supabase.com/docs/reference/javascript/auth-admin-api(create-user client attrs)Creates a user directly, bypassing sign-up flows. Set :email-confirm /
:phone-confirm to mark contacts as already verified.
client — service-role clientattrs — any of :email, :phone, :password, :email-confirm,
:phone-confirm, :user-metadata, :app-metadata, :ban-duration,
:role(create-user client {:email "a@b.com" :password "secret" :email-confirm true})
Creates a user directly, bypassing sign-up flows. Set `:email-confirm` /
`:phone-confirm` to mark contacts as already verified.
## Parameters
* `client` — service-role client
* `attrs` — any of `:email`, `:phone`, `:password`, `:email-confirm`,
`:phone-confirm`, `:user-metadata`, `:app-metadata`, `:ban-duration`,
`:role`
## Example
(create-user client {:email "a@b.com" :password "secret" :email-confirm true})(delete-factor client id factor-id)Deletes the MFA factor factor-id from user id. Permanent.
(delete-factor client "<user-id>" "<factor-id>")
Deletes the MFA factor `factor-id` from user `id`. Permanent.
## Example
(delete-factor client "<user-id>" "<factor-id>")(delete-user client id)(delete-user client id {:keys [soft?]})Deletes the user id. Pass :soft? true to soft-delete (retain the row,
marked deleted) instead of a hard delete.
(delete-user client "<user-id>")
(delete-user client "<user-id>" {:soft? true})
Deletes the user `id`. Pass `:soft? true` to soft-delete (retain the row,
marked deleted) instead of a hard delete.
## Example
(delete-user client "<user-id>")
(delete-user client "<user-id>" {:soft? true})(generate-link client params)Generates an email action link (and the underlying user) without sending an email, so the caller can deliver it through its own channel.
client — service-role clientparams:
:type — "signup", "invite", "magiclink", "recovery",
"email_change_current", or "email_change_new" (required):email — target email (required):password — required for "signup":new-email — required for the email-change types:data — user metadata (signup/invite only):options:
:redirect-to — URL the link points to(generate-link client {:type "signup" :email "a@b.com" :password "secret"})
Generates an email action link (and the underlying user) without sending
an email, so the caller can deliver it through its own channel.
## Parameters
* `client` — service-role client
* `params`:
* `:type` — `"signup"`, `"invite"`, `"magiclink"`, `"recovery"`,
`"email_change_current"`, or `"email_change_new"` (required)
* `:email` — target email (required)
* `:password` — required for `"signup"`
* `:new-email` — required for the email-change types
* `:data` — user metadata (signup/invite only)
* `:options`:
* `:redirect-to` — URL the link points to
## Example
(generate-link client {:type "signup" :email "a@b.com" :password "secret"})(get-user-by-id client id)Fetches a single user by `id`.
## Example
(get-user-by-id client "<user-id>")(invite-user-by-email client email)(invite-user-by-email client email options)Sends an invite email to email, creating the user in an unconfirmed state.
client — service-role clientemail — invitee address (required)options (optional):
:data — user metadata attached to the new user:redirect-to — URL the invite link points to(invite-user-by-email client "new@example.com" {:data {:role "member"}})
Sends an invite email to `email`, creating the user in an unconfirmed state.
## Parameters
* `client` — service-role client
* `email` — invitee address (required)
* `options` (optional):
* `:data` — user metadata attached to the new user
* `:redirect-to` — URL the invite link points to
## Example
(invite-user-by-email client "new@example.com" {:data {:role "member"}})(list-factors client id)Lists the MFA factors enrolled for user `id`.
## Example
(list-factors client "<user-id>")(list-users client)(list-users client opts)Lists users, paginated. The link response header carries next/prev page
cursors.
client — service-role clientopts (optional): :page (1-based) and :per-page(list-users client)
(list-users client {:page 2 :per-page 100})
Lists users, paginated. The `link` response header carries next/prev page
cursors.
## Parameters
* `client` — service-role client
* `opts` (optional): `:page` (1-based) and `:per-page`
## Example
(list-users client)
(list-users client {:page 2 :per-page 100})(sign-out client access-token)(sign-out client access-token scope)Revokes sessions for the user identified by access-token.
scope selects which sessions to revoke:
"global" (default) — all sessions"local" — only the current session"others" — all sessions except the current one(sign-out client "<access-token>")
(sign-out client "<access-token>" "others")
Revokes sessions for the user identified by `access-token`.
`scope` selects which sessions to revoke:
- `"global"` (default) — all sessions
- `"local"` — only the current session
- `"others"` — all sessions except the current one
## Example
(sign-out client "<access-token>")
(sign-out client "<access-token>" "others")(update-user-by-id client id attrs)Updates the user id with attrs (same keys as create-user, plus
:nonce).
(update-user-by-id client "<user-id>" {:role "admin"})
Updates the user `id` with `attrs` (same keys as `create-user`, plus
`:nonce`).
## Example
(update-user-by-id client "<user-id>" {:role "admin"})cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |