The RDS Supabase Authentication module manages user identities for your application. It supports email, phone number (SMS), and OAuth sign-up flows, along with standard sign-in, profile update, and sign-out operations.
Setting up any authentication method involves two steps:
Set the required parameters in the Supabase Auth configuration on the Alibaba Cloud Management Console.
Call the corresponding Supabase JavaScript SDK method in your application.
Prerequisites
Before you begin, make sure you have:
An RDS Supabase instance
Access to the Alibaba Cloud Management Console
The Supabase JavaScript SDK installed in your project
Sign up users
Email sign-up
Email sign-up requires a configured SMTP server to send verification emails. Set the following parameters in the Supabase Auth configuration on the Alibaba Cloud Management Console:
| Parameter | Description | Example |
|---|---|---|
GOTRUE_SMTP_HOST | SMTP server address | smtp.gmail.com |
GOTRUE_SMTP_PORT | SMTP server port | 587 or 465 |
GOTRUE_SMTP_USER | SMTP username (usually an email address) | noreply@example.com |
GOTRUE_SMTP_PASS | SMTP password or app-specific password | — |
GOTRUE_SMTP_SENDER_NAME | Sender name displayed in outgoing emails | Supabase Support Team |
GOTRUE_SMTP_ADMIN_EMAIL | Administrator email address for system emails | — |
GOTRUE_EXTERNAL_EMAIL_ENABLED | Whether to allow email-based sign-up and sign-in | — |
GOTRUE_MAILER_AUTOCONFIRM | Whether to skip email verification and auto-confirm users (useful in development) | — |
GOTRUE_SITE_URL | Frontend URL to redirect users to after operations such as password reset | https://your-app.com |
API_EXTERNAL_URL | Externally accessible API address, used for callbacks | https://api.your-app.com |
After configuration, call:
const { data, error } = await supabase.auth.signUp({
email: 'example@email.com',
password: 'example-password',
})Phone number sign-up
RDS Supabase supports two SMS methods: SMS webhook and Alibaba Cloud SMS. If both are configured, SMS webhook takes precedence.
Option 1: SMS webhook
SMS webhook routes verification messages through your own HTTPS endpoint. Set the following parameters in the Supabase Auth configuration on the Alibaba Cloud Management Console:
| Parameter | Description |
|---|---|
GOTRUE_HOOK_SEND_SMS_ENABLED | Whether to enable SMS sending via webhook |
GOTRUE_HOOK_SEND_SMS_URI | HTTPS endpoint that receives SMS send requests |
GOTRUE_HOOK_SEND_SMS_SECRETS | Webhook signing secret; must be a Base64-encoded string starting with v1,whsec_ |
GOTRUE_SMS_AUTOCONFIRM | Whether to auto-confirm the one-time password (OTP). Set to false to require verification. |
GOTRUE_SMS_OTP_EXP | OTP validity period in seconds (for example, 60) |
Option 2: Alibaba Cloud SMS
Alibaba Cloud SMS routes verification messages through Alibaba Cloud SMS service. Before configuring, make sure your AccessKey pair has the AliyunDysmsFullAccess and AliyunDypnsFullAccess permissions, and that you have a configured SMS signature and template.
Set the following parameters in the Supabase Auth configuration on the Alibaba Cloud Management Console:
| Parameter | Description | Example |
|---|---|---|
GOTRUE_SMS_PROVIDER | SMS provider | aliyun |
GOTRUE_SMS_ALIYUN_ACCESS_KEY_ID | Alibaba Cloud AccessKey ID | — |
GOTRUE_SMS_ALIYUN_ACCESS_KEY_SECRET | Alibaba Cloud AccessKey secret | — |
GOTRUE_SMS_ALIYUN_REGION_ID | Region of the Alibaba Cloud SMS service | cn-beijing |
GOTRUE_SMS_ALIYUN_SIGN_NAME | SMS signature name | Sutong Internet Captcha. |
GOTRUE_SMS_ALIYUN_TEMPLATE_CODE | SMS template code | 100001 |
GOTRUE_SMS_ALIYUN_IS_TEST | Set to true to use the default test signature and template from the Alibaba Cloud SMS console. Omit or set to false if using your own signature and template. | true |
GOTRUE_SMS_AUTOCONFIRM | Whether to auto-confirm the OTP. Set to false to require verification. | false |
GOTRUE_SMS_OTP_EXP | OTP validity period in seconds | 60 |
After configuring either method, call:
const { data, error } = await supabase.auth.signUp({
phone: '1381111****',
password: 'example-password',
options: {
channel: 'sms'
}
})OAuth sign-up
RDS Supabase supports Alipay, WeChat, Google, and GitHub as OAuth providers. Each provider requires four parameters in the Supabase Auth configuration on the Alibaba Cloud Management Console:
| Parameter | Description |
|---|---|
GOTRUE_EXTERNAL_{PROVIDER}_ENABLED | Whether to enable the provider |
GOTRUE_EXTERNAL_{PROVIDER}_CLIENT_ID | OAuth client ID (AppID for Alipay and WeChat; client ID for Google and GitHub) |
GOTRUE_EXTERNAL_{PROVIDER}_SECRET | OAuth client secret (AppSecret for Alipay and WeChat; client secret for Google and GitHub) |
GOTRUE_EXTERNAL_{PROVIDER}_REDIRECT_URI | Authorization callback URL. Format: http(s)://your-supabase-url/auth/v1/callback |
Replace {PROVIDER} with ALIPAY, WECHAT, GOOGLE, or GITHUB.
After configuring a provider, call:
const { data, error } = await supabase.auth.signInWithOAuth({
provider: 'alipay', // or 'wechat', 'google', 'github'
})Sign in users
Sign in users with an email and password, a phone number and password, or an OAuth provider:
// Sign in with email
const { data, error } = await supabase.auth.signInWithPassword({
email: 'example@email.com',
password: 'example-password',
})
// Sign in with phone number
const { data, error } = await supabase.auth.signInWithPassword({
phone: '+1381111****',
password: 'some-password',
})
// Sign in with an OAuth provider
const { data, error } = await supabase.auth.signInWithOAuth({
provider: 'provider_name' // 'alipay', 'wechat', 'google', or 'github'
})Update user information
The user must be signed in before calling updateUser(). Update their email or password as follows:
// Update email
const { data, error } = await supabase.auth.updateUser({
email: 'new****@email.com'
})
// Update password
const { data, error } = await supabase.auth.updateUser({
password: 'new password'
})Sign out users
const { error } = await supabase.auth.signOut()