All Products
Search
Document Center

ApsaraDB RDS:Authentication

Last Updated:Apr 10, 2026

The RDS Supabase authentication module is a comprehensive user management system that supports multiple authentication methods. You can integrate it into your application as a standalone module.

Basic operations

Create a new user

  1. Email sign-up.

    To enable email sign-up, first configure your mail server (SMTP) settings in the Supabase Auth configuration on the Alibaba Cloud console. The following parameters are required:

    Basic configuration parameters

    GOTRUE_SMTP_PORT                 # The SMTP server port for sending emails (e.g., 587, 465).
    GOTRUE_EXTERNAL_EMAIL_ENABLED    # Enables email sign-up and sign-in.
    GOTRUE_SMTP_SENDER_NAME          # The sender name displayed in emails (e.g., "Supabase Support Team").
    GOTRUE_SMTP_USER                 # The username to log in to the SMTP server (usually an email address).
    GOTRUE_SMTP_PASS                 # The password or app-specific password to log in to the SMTP server.
    GOTRUE_SMTP_ADMIN_EMAIL          # The administrator's email address for receiving or sending system emails.
    GOTRUE_SMTP_HOST                 # The address of the SMTP server (e.g., smtp.gmail.com or smtp.mailgun.org).
    GOTRUE_MAILER_AUTOCONFIRM        # Skips email verification and automatically confirms users (common in development environments).
    GOTRUE_SITE_URL                  # The URL of your frontend application where users are redirected after an action, such as a password reset.
    API_EXTERNAL_URL                 # The externally accessible URL of your API (e.g., https://api.example.com), used for callbacks or notifications.

    Email template parameters

    GOTRUE_MAILER_TEMPLATES_MAGIC_LINK       # Template for the magic link email, which contains a one-time sign-in link.
    GOTRUE_MAILER_TEMPLATES_RECOVERY         # Template for the password reset email, sent when a user requests to reset their password.
    GOTRUE_MAILER_TEMPLATES_CONFIRMATION     # Template for the confirmation email, sent to a new user to verify their email address.
    GOTRUE_MAILER_TEMPLATES_EMAIL_CHANGE     # Template for the email change confirmation email, sent to a user's new email address for verification.
    GOTRUE_MAILER_TEMPLATES_INVITE           # Template for the invitation email, sent when an administrator invites a new user.
    GOTRUE_MAILER_TEMPLATES_REAUTHENTICATION # Template for the reauthentication email, sent when a user needs to re-verify their identity for sensitive actions.
    Note

    For details about configuring email template parameters, see Email Authentication and Email Template Configuration for RDS Supabase.

    After configuration, call the following method:

    const { data, error } = await supabase.auth.signUp({
      email: 'example@email.com',
      password: 'example-password',
    })
  2. Phone number sign-up.

    You can enable phone number sign-up using one of two methods: SMS webhook and Alibaba Cloud SMS provider.

    SMS webhook: Configure a webhook for an SMS sending service. Supabase calls this hook to send verification messages. Set the following parameters in the Supabase Auth configuration on the Alibaba Cloud console:

    GOTRUE_HOOK_SEND_SMS_ENABLED     # Enables the SMS sending feature.
    GOTRUE_HOOK_SEND_SMS_URI         # The HTTPS service endpoint for sending SMS confirmation messages.
    GOTRUE_HOOK_SEND_SMS_SECRETS     # The secret key for the hook. It must be a base64-encoded string that starts with `v1,whsec_`.
    GOTRUE_SMS_AUTOCONFIRM=false     # Specifies whether to automatically confirm the phone number.
    GOTRUE_SMS_OTP_EXP=60            # The validity period of the SMS one-time password (OTP), in seconds.

    Alibaba Cloud SMS provider: Configure the signature and template for the Alibaba Cloud SMS service. You also need an AccessKey ID and AccessKey Secret with AliyunDysmsFullAccess and AliyunDypnsFullAccess permissions.

    GOTRUE_SMS_PROVIDER=aliyun                 # The SMS provider. Set this to `aliyun`.
    GOTRUE_SMS_ALIYUN_ACCESS_KEY_ID=xxx        # Your Alibaba Cloud AccessKey ID.
    GOTRUE_SMS_ALIYUN_ACCESS_KEY_SECRET=xxx    # Your Alibaba Cloud AccessKey Secret.
    GOTRUE_SMS_ALIYUN_REGION_ID=cn-hangzhou    # The region of the Alibaba Cloud SMS service. For details about supported regions, see the note below.
    GOTRUE_SMS_ALIYUN_SIGN_NAME=Your-Sign-Name # The signature name for Alibaba Cloud SMS.
    GOTRUE_SMS_ALIYUN_TEMPLATE_CODE=100001     # The template code for Alibaba Cloud SMS.
    GOTRUE_SMS_ALIYUN_IS_TEST=true             # If you use the default signature and template from the Alibaba Cloud SMS service (https://dypns.console.aliyun.com/smsServiceOverview), set this to `true`. If you use a custom signature and template, omit this parameter or set it to `false`.
    GOTRUE_SMS_AUTOCONFIRM=false               # Specifies whether to automatically confirm the phone number.
    GOTRUE_SMS_OTP_EXP=60                      # The validity period of the SMS OTP, in seconds.
    Note
    • When both SMS Webhook and Alibaba Cloud SMS Provider are configured, the SMS Webhook method is used because SMS Webhook has a higher priority.

    After configuration, call the following method:

    const { data, error } = await supabase.auth.signUp({
      phone: '1381111****',
      password: 'example-password',
      options: {
        channel: 'sms'
      }
    })
  3. Alipay authentication.

    To enable Alipay sign-in, set the following parameters in the Supabase Auth configuration on the Alibaba Cloud console:

    GOTRUE_EXTERNAL_ALIPAY_ENABLED      # Enables Alipay sign-in.
    GOTRUE_EXTERNAL_ALIPAY_CLIENT_ID    # The client ID of your Alipay application.
    GOTRUE_EXTERNAL_ALIPAY_SECRET       # The client secret of your Alipay application.
    GOTRUE_EXTERNAL_ALIPAY_REDIRECT_URI # The redirect URI. Format: `http(s):///auth/v1/callback`

    After configuration, call the following method:

    const { data, error } = await supabase.auth.signInWithOAuth({
      provider: 'alipay',
    })
  4. WeChat authentication.

    To enable WeChat sign-in, set the following parameters in the Supabase Auth configuration on the Alibaba Cloud console:

    GOTRUE_EXTERNAL_WECHAT_ENABLED      # Enables WeChat sign-in.
    GOTRUE_EXTERNAL_WECHAT_CLIENT_ID    # The client ID of your WeChat application.
    GOTRUE_EXTERNAL_WECHAT_SECRET       # The client secret of your WeChat application.
    GOTRUE_EXTERNAL_WECHAT_REDIRECT_URI # The redirect URI. Format: `http(s):///auth/v1/callback`

    After configuration, call the following method:

    const { data, error } = await supabase.auth.signInWithOAuth({
      provider: 'wechat',
    })
  5. Google authentication.

    To enable Google sign-in, set the following parameters in the Supabase Auth configuration on the Alibaba Cloud console:

    GOTRUE_EXTERNAL_GOOGLE_ENABLED      # Enables Google sign-in.
    GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID    # The client ID for your Google OAuth application.
    GOTRUE_EXTERNAL_GOOGLE_SECRET       # The client secret for your Google OAuth application.
    GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI # The redirect URI. Format: `http(s):///auth/v1/callback`

    After configuration, call the following method:

    const { data, error } = await supabase.auth.signInWithOAuth({
      provider: 'google',
    })
  6. GitHub authentication.

    To enable GitHub sign-in, set the following parameters in the Supabase Auth configuration on the Alibaba Cloud console:

    GOTRUE_EXTERNAL_GITHUB_ENABLED      # Enables GitHub sign-in.
    GOTRUE_EXTERNAL_GITHUB_CLIENT_ID    # The client ID of your GitHub OAuth App.
    GOTRUE_EXTERNAL_GITHUB_SECRET       # The client secret of your GitHub OAuth App.
    GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI # The redirect URI. Format: `http(s):///auth/v1/callback`

    After configuration, call the following method:

    const { data, error } = await supabase.auth.signInWithOAuth({
      provider: 'github',
    })

Sign in a user

Sign in a user with an email and password, a phone number and password, or an OAuth provider.

// Sign in with email
const { data, error } = await supabase.auth.signInWithPassword({
  email: 'example@email.com',
  password: 'example-password',
})

// Sign in with a phone number
const { data, error } = await supabase.auth.signInWithPassword({
  phone: '+1381111****',
  password: 'some-password',
})

// Sign in with a third-party OAuth provider
const { data, error } = await supabase.auth.signInWithOAuth({
  provider: 'provider_name'
})
// Available provider values:
// 'alipay'  - Alipay
// 'wechat'  - WeChat
// 'google'  - Google
// 'github'  - GitHub

Update a user

Update the profile information for the signed-in user. You must be signed in to call the updateUser() method.

// Update email
const { data, error } = await supabase.auth.updateUser({
  email: 'new****@email.com'
})

// Update password
const { data, error } = await supabase.auth.updateUser({
  password: 'new-password'
})

Sign out a user

Sign out the currently signed-in user.

const { error } = await supabase.auth.signOut()

References

  • For more information about Supabase authentication, see Auth.

  • For the Supabase JavaScript SDK, see JavaScript.

  • For more information about signing in with a phone number, see phone-login.

  • For more information about the SMS webhook, see SMS Hook.