Skip to main content

Auth Configuration

Supabase Auth, redirect, and email settings used by Handlet.

Handlet auth behavior is split between Supabase configuration, app route configuration, and environment variables.

Supabase Auth

Supabase Auth handles identity, sessions, confirmation emails, and password recovery. Local Supabase settings live in apps/web/supabase/config.toml.

Redirects

Auth callbacks return through the app callback route, then route users into onboarding or the correct workspace based on session state and account access.

Email verification

Email verification must match the Supabase project settings and the app's expected sign-up flow. If confirmation is required, users must complete the email link before signed-in routes are available.

Emails sent by Supabase

Supabase Auth emails such as password reset, sign-in links, and email verifications are configured from apps/web/supabase/config.toml.

In this repo, the tracked [auth.email.smtp] block is the source of truth for non-secret SMTP settings, and the password is supplied via SUPABASE_AUTH_SMTP_PASS. The CI render step does not rewrite the rest of the SMTP block.

This only covers Supabase Auth emails. App-owned transactional emails such as team invitations or waitlist approval emails use the app mailer. In local development, configure the app mailer to send to Mailpit SMTP on localhost:54325 so both channels land in the same local inbox UI.

© 2026 Handlet. All rights reserved.

AI Assistance: Handlet currently uses AI for intent recognition and, where enabled, social post support. AI output can be wrong and should be checked before use. Learn More