GoTrueAdminApi

import { GoTrueAdminApi } from "https://esm.sh/@supabase/supabase-js@2.101.0/dist/index.d.mts";

class GoTrueAdminApi {

constructor({ url, headers, fetch }: {

url: string;

headers?: {

[key: string]: string;

};

fetch?: Fetch;

});

private _createCustomProvider;

private _createOAuthClient;

private _deleteCustomProvider;

private _deleteFactor;

private _deleteOAuthClient;

private _getCustomProvider;

private _getOAuthClient;

private _listCustomProviders;

private _listFactors;

private _listOAuthClients;

private _regenerateOAuthClientSecret;

private _updateCustomProvider;

private _updateOAuthClient;

protected fetch: Fetch;

protected headers: {

[key: string]: string;

};

protected url: string;

customProviders: GoTrueAdminCustomProvidersApi;

mfa: GoTrueAdminMFAApi;

oauth: GoTrueAdminOAuthApi;

createUser(attributes: AdminUserAttributes): Promise<UserResponse>;

deleteUser(id: string, shouldSoftDelete?: boolean): Promise<UserResponse>;

generateLink(params: GenerateLinkParams): Promise<GenerateLinkResponse>;

getUserById(uid: string): Promise<UserResponse>;

inviteUserByEmail(email: string, options?: {

data?: object;

redirectTo?: string;

}): Promise<UserResponse>;

listUsers(params?: PageParams): Promise<{

data: {

users: User[];

aud: string;

} & Pagination;

error: null;

} | {

data: {

users: [];

};

error: AuthError;

}>;

signOut(jwt: string, scope?: SignOutScope): Promise<{

data: null;

error: AuthError | null;

}>;

updateUserById(uid: string, attributes: AdminUserAttributes): Promise<UserResponse>;

}

§Constructors

new GoTrueAdminApi({ url, headers, fetch }: {

url: string;

headers?: {

[key: string]: string;

};

fetch?: Fetch;

})

[src]

Creates an admin API client that can be used to manage users and OAuth clients.

@example

import { GoTrueAdminApi } from '@supabase/auth-js'

const admin = new GoTrueAdminApi({
  url: 'https://xyzcompany.supabase.co/auth/v1',
  headers: { Authorization: `Bearer ${process.env.SUPABASE_SERVICE_ROLE_KEY}` },
})

§Properties

_createCustomProvider

[src]

Creates a new custom OIDC/OAuth provider.

For OIDC providers, the server fetches and validates the OpenID Connect discovery document from the issuer's well-known endpoint (or the provided discovery_url) at creation time. This may return a validation error (error_code: "validation_failed") if the discovery document is unreachable, not valid JSON, missing required fields, or if the issuer in the document does not match the expected issuer.

This function should only be called on a server. Never expose your service_role key in the browser.

_createOAuthClient

[src]

Creates a new OAuth client. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

This function should only be called on a server. Never expose your service_role key in the browser.

_deleteCustomProvider

[src]

Deletes a custom provider.

This function should only be called on a server. Never expose your service_role key in the browser.

_deleteFactor

[src]

_deleteOAuthClient

[src]

Deletes an OAuth client. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

This function should only be called on a server. Never expose your service_role key in the browser.

_getCustomProvider

[src]

Gets details of a specific custom provider by identifier.

This function should only be called on a server. Never expose your service_role key in the browser.

_getOAuthClient

[src]

Gets details of a specific OAuth client. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

This function should only be called on a server. Never expose your service_role key in the browser.

_listCustomProviders

[src]

Lists all custom providers with optional type filter.

This function should only be called on a server. Never expose your service_role key in the browser.

_listFactors

[src]

_listOAuthClients

[src]

Lists all OAuth clients with optional pagination. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

This function should only be called on a server. Never expose your service_role key in the browser.

_regenerateOAuthClientSecret

[src]

Regenerates the secret for an OAuth client. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

This function should only be called on a server. Never expose your service_role key in the browser.

_updateCustomProvider

[src]

Updates an existing custom provider.

When issuer or discovery_url is changed on an OIDC provider, the server re-fetches and validates the discovery document before persisting. This may return a validation error (error_code: "validation_failed") if the discovery document is unreachable, invalid, or the issuer does not match.

This function should only be called on a server. Never expose your service_role key in the browser.

_updateOAuthClient

[src]

Updates an existing OAuth client. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

This function should only be called on a server. Never expose your service_role key in the browser.

fetch: Fetch

[src]

headers: {

[key: string]: string;

}

[src]

url: string

[src]

customProviders: GoTrueAdminCustomProvidersApi

[src]

Contains all custom OIDC/OAuth provider administration methods.

mfa: GoTrueAdminMFAApi

[src]

Contains all MFA administration methods.

oauth: GoTrueAdminOAuthApi

[src]

Contains all OAuth client administration methods. Only relevant when the OAuth 2.1 server is enabled in Supabase Auth.

§Methods

createUser(attributes: AdminUserAttributes): Promise<UserResponse>

[src]

Creates a new user. This function should only be called on a server. Never expose your service_role key in the browser.

@example

With custom user metadata

const { data, error } = await supabase.auth.admin.createUser({
  email: 'user@email.com',
  password: 'password',
  user_metadata: { name: 'Yoda' }
})

@example

Auto-confirm the user's email

const { data, error } = await supabase.auth.admin.createUser({
  email: 'user@email.com',
  email_confirm: true
})

@example

Auto-confirm the user's phone number

const { data, error } = await supabase.auth.admin.createUser({
  phone: '1234567890',
  phone_confirm: true
})

deleteUser(id: string, shouldSoftDelete?: boolean): Promise<UserResponse>

[src]

Delete a user. Requires a service_role key.

@param id

The user id you want to remove.

@param shouldSoftDelete

If true, then the user will be soft-deleted from the auth schema. Soft deletion allows user identification from the hashed user ID but is not reversible. Defaults to false for backward compatibility.

This function should only be called on a server. Never expose your service_role key in the browser.

@example

Removes a user

const { data, error } = await supabase.auth.admin.deleteUser(
  '715ed5db-f090-4b8c-a067-640ecee36aa0'
)

@example

generateLink(params: GenerateLinkParams): Promise<GenerateLinkResponse>

[src]

Generates email links and OTPs to be sent via a custom email provider.

@param email

The user's email.

@param options.password

User password. For signup only.

@param options.data

Optional user metadata. For signup only.

@param options.redirectTo

The redirect url which should be appended to the generated link

@example

Generate a signup link

const { data, error } = await supabase.auth.admin.generateLink({
  type: 'signup',
  email: 'email@example.com',
  password: 'secret'
})

@example

Generate an invite link

const { data, error } = await supabase.auth.admin.generateLink({
  type: 'invite',
  email: 'email@example.com'
})

@example

Generate a magic link

const { data, error } = await supabase.auth.admin.generateLink({
  type: 'magiclink',
  email: 'email@example.com'
})

@example

Generate a recovery link

const { data, error } = await supabase.auth.admin.generateLink({
  type: 'recovery',
  email: 'email@example.com'
})

@example

Generate links to change current email address

// generate an email change link to be sent to the current email address
const { data, error } = await supabase.auth.admin.generateLink({
  type: 'email_change_current',
  email: 'current.email@example.com',
  newEmail: 'new.email@example.com'
})

// generate an email change link to be sent to the new email address
const { data, error } = await supabase.auth.admin.generateLink({
  type: 'email_change_new',
  email: 'current.email@example.com',
  newEmail: 'new.email@example.com'
})

getUserById(uid: string): Promise<UserResponse>

[src]

Get user by id.

@param uid

The user's unique identifier

This function should only be called on a server. Never expose your service_role key in the browser.

@example

Fetch the user object using the access_token jwt

const { data, error } = await supabase.auth.admin.getUserById(1)

@example

inviteUserByEmail(email: string, options?: {

data?: object;

redirectTo?: string;

}): Promise<UserResponse>

[src]

Sends an invite link to an email address.

@param email

The email address of the user.

@param options

Additional options to be included when inviting.

@example

Invite a user

const { data, error } = await supabase.auth.admin.inviteUserByEmail('email@example.com')

@example

listUsers(params?: PageParams): Promise<{

data: {

users: User[];

aud: string;

} & Pagination;

error: null;

} | {

data: {

users: [];

};

error: AuthError;

[src]

Get a list of users.

This function should only be called on a server. Never expose your service_role key in the browser.

@param params

An object which supports page and perPage as numbers, to alter the paginated results.

@example

Get a page of users

const { data: { users }, error } = await supabase.auth.admin.listUsers()

@example

Paginated list of users

const { data: { users }, error } = await supabase.auth.admin.listUsers({
  page: 1,
  perPage: 1000
})

signOut(jwt: string, scope?: SignOutScope): Promise<{

data: null;

error: AuthError | null;

[src]

Removes a logged-in session.

@param jwt

A valid, logged-in JWT.

@param scope

The logout sope.

updateUserById(uid: string, attributes: AdminUserAttributes): Promise<UserResponse>

[src]

Updates the user data. Changes are applied directly without confirmation flows.

@param uid

The user's unique identifier

@param attributes

The data you want to update.

This function should only be called on a server. Never expose your service_role key in the browser.

@example

// Server-side (Edge Function)
const { data, error } = await supabase.auth.admin.updateUserById(
  userId,
  { user_metadata: { preferences: { theme: 'dark' } } }
)

// Client-side (to sync the changes)
const { data, error } = await supabase.auth.refreshSession()
// onAuthStateChange listeners will now be notified with updated user

@example

Updates a user's email

const { data: user, error } = await supabase.auth.admin.updateUserById(
  '11111111-1111-1111-1111-111111111111',
  { email: 'new@email.com' }
)

@example

Updates a user's password

const { data: user, error } = await supabase.auth.admin.updateUserById(
  '6aa5d0d4-2a9f-4483-b6c8-0cf4c6c98ac4',
  { password: 'new_password' }
)

@example

Updates a user's metadata

const { data: user, error } = await supabase.auth.admin.updateUserById(
  '6aa5d0d4-2a9f-4483-b6c8-0cf4c6c98ac4',
  { user_metadata: { hello: 'world' } }
)

@example

Updates a user's app_metadata

const { data: user, error } = await supabase.auth.admin.updateUserById(
  '6aa5d0d4-2a9f-4483-b6c8-0cf4c6c98ac4',
  { app_metadata: { plan: 'trial' } }
)

@example

Confirms a user's email address

const { data: user, error } = await supabase.auth.admin.updateUserById(
  '6aa5d0d4-2a9f-4483-b6c8-0cf4c6c98ac4',
  { email_confirm: true }
)

@example

Confirms a user's phone number

const { data: user, error } = await supabase.auth.admin.updateUserById(
  '6aa5d0d4-2a9f-4483-b6c8-0cf4c6c98ac4',
  { phone_confirm: true }
)

@example

Ban a user for 100 years

const { data: user, error } = await supabase.auth.admin.updateUserById(
  '6aa5d0d4-2a9f-4483-b6c8-0cf4c6c98ac4',
  { ban_duration: '876000h' }
)