Skip to main content

Configuration

Learn how authentication works in MakerKit and how to configure it.

The way you want your users to authenticate can be driven via configuration.

If you open the global configuration at src/configuration.ts, you'll find the auth object:

import type { Provider } from '@supabase/gotrue-js/src/lib/types';

auth: {
  requireEmailConfirmation: false,
  providers: {
    emailPassword: true,
    phoneNumber: false,
    emailLink: false,
    oAuth: ['google'] as Provider[],
  },
}

As you can see, the providers object can be configured to only display the auth methods we want to use.

  1. For example, by setting both phoneNumber and emailLink to true, the authentication pages will display the Email Link authentication and the Phone Number authentication forms.
  2. Instead, by setting emailPassword to false, we will remove the email/password form from the authentication and user profile pages.

Requiring Email Verification

This setting needs to match what you have set up in Supabase. If you require email confirmation before your users can sign in, you will have to flip the following flag in your configuration:

auth: {
  requireEmailConfirmation: false,
}

When the flag is set to true, the user will not be redirected to the onboarding flow, but will instead see a successful alert asking them to confirm their email. After confirmation, they will be able to sign in.

When the flag is set to false, the application will redirect them directly to the onboarding flow.

Emails sent by Supabase

Supabase Auth emails such as password reset, sign-in links, and email verifications are configured from apps/web/supabase/config.toml.

In this repo, the tracked [auth.email.smtp] block is the source of truth for non-secret SMTP settings, and the password is supplied via SUPABASE_AUTH_SMTP_PASS. The CI render step does not rewrite the rest of the SMTP block.

This only covers Supabase Auth emails. App-owned transactional emails such as team invitations or waitlist approval emails use the app mailer. In local development, configure the app mailer to send to Mailpit SMTP on localhost:54325 so both channels land in the same local inbox UI.

© 2026 Handlet. All rights reserved.

AI Assistance: Handlet uses AI to classify intent and draft responses. All suggestions are for your review. You are responsible for all messages sent. Learn More