JavaScript: Verify and log in through OTP

Log in a user given a User supplied OTP or TokenHash received through mobile or email.

• The verifyOtp method takes in different verification types.
• If a phone number is used, the type can either be:
  1. sms – Used when verifying a one-time password (OTP) sent via SMS during sign-up or sign-in.
  2. phone_change – Used when verifying an OTP sent to a new phone number during a phone number update process.
• If an email address is used, the type can be one of the following (note: signup and magiclink types are deprecated):
  1. email – Used when verifying an OTP sent to the user's email during sign-up or sign-in.
  2. recovery – Used when verifying an OTP sent for account recovery, typically after a password reset request.
  3. invite – Used when verifying an OTP sent as part of an invitation to join a project or organization.
  4. email_change – Used when verifying an OTP sent to a new email address during an email update process.
• The verification type used should be determined based on the corresponding auth method called before verifyOtp to sign up / sign-in a user.
• The TokenHash is contained in the email templates and can be used to sign in. You may wish to use the hash with Magic Links for the PKCE flow for Server Side Auth. See this guide for more details.

Parameters

• params

  (Required)

Examples

Verify Signup One-Time Password (OTP)

const { data, error } = await supabase.auth.verifyOtp({ email, token, type: 'email'})

Verify Sms One-Time Password (OTP)

const { data, error } = await supabase.auth.verifyOtp({ phone, token, type: 'sms'})

Verify Email Auth (Token Hash)

const { data, error } = await supabase.auth.verifyOtp({ token_hash: tokenHash, type: 'email'})