Source: ocean/docs/FIX_SUPABASE_OTP_CLI.md

Fix Supabase OTP Configuration via CLI

Issues to Fix

  1. OTP vs Magic Link: App expects OTP codes but Supabase sends magic links
  2. OTP Expiry Warning: OTP expiry is set to more than 1 hour (security issue)

Solution Applied

1. Local Configuration Updated

  • OTP Expiry: Set to 10 minutes (600 seconds) in supabase/config.toml
  • Email Templates: Already configured to use {{ .Token }} for OTP codes
  • Redirect URLs: Added production URL to allowed redirects

2. Migration Created

  • Created supabase/migrations/20250127000000_fix_otp_expiry.sql
  • Sets OTP expiry to 10 minutes
  • Ensures email provider is enabled
  • Sets OTP length to 6 digits

Apply Changes

For Local Development

# Start Supabase locally
supabase start

# Apply the new migration to the local database
# (without --local, db push targets the linked remote project)
supabase db push --local

# Check email templates are loaded
supabase inspect db auth.email_templates

For Production

# Link to your project
supabase link --project-ref fldiayolmgphysdwgsuk

# Push the migration
supabase db push

# Update remote config
supabase config push

Option 2: Manual Dashboard Configuration

  1. Fix OTP Expiry:

    • Go to Settings → Auth → Email Auth
    • Set "OTP Expiry Duration" to 600 seconds (10 minutes)
  2. Update Email Templates:

    • Go to Authentication → Email Templates
    • For each template, ensure it uses {{ .Token }} not {{ .ConfirmationURL }}
  3. Add Redirect URLs:

    • Go to Authentication → URL Configuration
    • Add https://ocean-goldfish.vercel.app/auth/callback to redirect URLs

Verify Configuration

Test OTP Flow

  1. Sign up with a test email
  2. You should receive a 6-digit code (not a link)
  3. Enter the code on the verify page
  4. Code should work within 10 minutes

Check Security Status

  • Go to Supabase Dashboard → Settings → Security
  • The "Auth OTP Long Expiry" warning should be resolved
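
A pre-push check for the settings this page changes, as an added example that is not part of the project's repository: it reads the Supabase CLI's `otp_expiry` and `otp_length` keys from the `[auth.email]` table of a config file and confirms each template file uses `{{ .Token }}` rather than `{{ .ConfirmationURL }}`. The function names, the `MAX_OTP_EXPIRY` variable and the sample files written by `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the project's script): audit OTP settings before pushing config.
MAX_OTP_EXPIRY="${MAX_OTP_EXPIRY:-600}"   # seconds; the page's 10-minute target

# Print the value of KEY from TOML table [SECTION]; handles plain "key = value" lines only.
toml_get() {  # usage: toml_get FILE SECTION KEY
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == sec); next }
    in_sec && $1 == key && $2 == "=" { gsub(/"/, "", $3); print $3; exit }' "$1"
}

# Return 0 when the config and every template pass, 1 otherwise.
audit_otp_config() {  # usage: audit_otp_config CONFIG_TOML [TEMPLATE_FILE ...]
  local cfg="$1" rc=0 expiry length tpl
  shift
  expiry="$(toml_get "$cfg" auth.email otp_expiry)"
  length="$(toml_get "$cfg" auth.email otp_length)"
  case "$expiry" in
    ''|*[!0-9]*) echo "FAIL otp_expiry is not set to a number in [auth.email]"; rc=1 ;;
    *) if [ "$expiry" -gt "$MAX_OTP_EXPIRY" ]; then
         echo "FAIL otp_expiry=${expiry}s exceeds ${MAX_OTP_EXPIRY}s"; rc=1
       fi ;;
  esac
  if [ "$length" != "6" ]; then echo "FAIL otp_length='${length}', expected 6"; rc=1; fi
  for tpl in "$@"; do
    # Templates must render the code, not the magic link.
    if grep -Eq '\{\{ *\.ConfirmationURL *\}\}' "$tpl"; then
      echo "FAIL $tpl contains {{ .ConfirmationURL }} (sends a magic link)"; rc=1
    fi
    if ! grep -Eq '\{\{ *\.Token *\}\}' "$tpl"; then
      echo "FAIL $tpl has no {{ .Token }} placeholder"; rc=1
    fi
  done
  [ "$rc" -eq 0 ] && echo "OK OTP settings match the 10-minute, 6-digit code policy"
  return "$rc"
}

# Constructed sample input: a config with a 24-hour expiry and a magic-link template.
demo() {
  local d st=0; d="$(mktemp -d)"
  printf '[auth.email]\notp_length = 6\notp_expiry = 86400\n' > "$d/config.toml"
  printf '<a href="{{ .ConfirmationURL }}">Sign in</a>\n' > "$d/magic_link.html"
  audit_otp_config "$d/config.toml" "$d/magic_link.html" || st=$?
  rm -rf "$d"; return "$st"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Against a real checkout, source the file and call `audit_otp_config supabase/config.toml` followed by the paths of your template files; a non-zero return can gate the production push in CI.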

Environment Variables

Ensure these are set in Vercel:

VITE_SUPABASE_URL=your_supabase_url
VITE_SUPABASE_ANON_KEY=your_anon_key

Troubleshooting

  1. Clear Supabase email template cache:

    supabase db reset
    supabase db push
  2. Check the auth config:

    SELECT * FROM auth.config WHERE key LIKE '%email%';

OTP Expiry Warning Persists?

Run this SQL in Supabase SQL Editor:

UPDATE auth.config SET value = '600' WHERE key = 'email_otp_exp';

Email Not Arriving?

  • Check spam folder
  • Verify email provider is enabled in Supabase
  • For local dev, check Inbucket at http://localhost:54324