Skip to main content

Email And Password

How Handlet supports email/password sign-up, sign-in, and recovery.

Email and password authentication is available through Supabase Auth where the environment enables it.

Sign-up

The public sign-up route creates an authenticated user and then sends the user through confirmation, legal acceptance, onboarding, or the app home path depending on account state.

Sign-in

The sign-in route validates credentials through Supabase Auth. After a successful sign-in, app routing resolves the correct destination for the user.

Password recovery

Password reset emails are Supabase Auth emails. The reset flow returns through the app so the user can set a new password and continue securely.

Security notes

  • Do not expose server auth secrets to client components.
  • Use Supabase server clients for session-aware server code.
  • Let RLS enforce tenant access for standard product data.
  • Use admin clients only for narrowly scoped administrative tasks.
© 2026 Handlet. All rights reserved.

AI Assistance: Handlet currently uses AI for intent recognition and, where enabled, social post support. AI output can be wrong and should be checked before use. Learn More