@supabase/auth-js 2.100.0-rc.0 → 2.100.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/dist/main/GoTrueAdminApi.d.ts +449 -0
  2. package/dist/main/GoTrueAdminApi.d.ts.map +1 -1
  3. package/dist/main/GoTrueAdminApi.js +449 -0
  4. package/dist/main/GoTrueAdminApi.js.map +1 -1
  5. package/dist/main/GoTrueClient.d.ts +1668 -63
  6. package/dist/main/GoTrueClient.d.ts.map +1 -1
  7. package/dist/main/GoTrueClient.js +1889 -70
  8. package/dist/main/GoTrueClient.js.map +1 -1
  9. package/dist/main/lib/locks.d.ts.map +1 -1
  10. package/dist/main/lib/locks.js +69 -39
  11. package/dist/main/lib/locks.js.map +1 -1
  12. package/dist/main/lib/types.d.ts +409 -0
  13. package/dist/main/lib/types.d.ts.map +1 -1
  14. package/dist/main/lib/types.js.map +1 -1
  15. package/dist/main/lib/version.d.ts +1 -1
  16. package/dist/main/lib/version.d.ts.map +1 -1
  17. package/dist/main/lib/version.js +1 -1
  18. package/dist/main/lib/version.js.map +1 -1
  19. package/dist/module/GoTrueAdminApi.d.ts +449 -0
  20. package/dist/module/GoTrueAdminApi.d.ts.map +1 -1
  21. package/dist/module/GoTrueAdminApi.js +449 -0
  22. package/dist/module/GoTrueAdminApi.js.map +1 -1
  23. package/dist/module/GoTrueClient.d.ts +1668 -63
  24. package/dist/module/GoTrueClient.d.ts.map +1 -1
  25. package/dist/module/GoTrueClient.js +1889 -70
  26. package/dist/module/GoTrueClient.js.map +1 -1
  27. package/dist/module/lib/locks.d.ts.map +1 -1
  28. package/dist/module/lib/locks.js +69 -39
  29. package/dist/module/lib/locks.js.map +1 -1
  30. package/dist/module/lib/types.d.ts +409 -0
  31. package/dist/module/lib/types.d.ts.map +1 -1
  32. package/dist/module/lib/types.js.map +1 -1
  33. package/dist/module/lib/version.d.ts +1 -1
  34. package/dist/module/lib/version.d.ts.map +1 -1
  35. package/dist/module/lib/version.js +1 -1
  36. package/dist/module/lib/version.js.map +1 -1
  37. package/dist/tsconfig.module.tsbuildinfo +1 -1
  38. package/dist/tsconfig.tsbuildinfo +1 -1
  39. package/package.json +1 -1
  40. package/src/GoTrueAdminApi.ts +449 -0
  41. package/src/GoTrueClient.ts +1889 -70
  42. package/src/lib/locks.ts +92 -54
  43. package/src/lib/types.ts +409 -0
  44. package/src/lib/version.ts +1 -1
package/dist/main/GoTrueClient.js CHANGED
@@ -240,6 +240,8 @@ class GoTrueClient {
240
240
  * Initializes the client session either from the url or from storage.
241
241
  * This method is automatically called when instantiating the client, but should also be called
242
242
  * manually when checking for an error from an auth redirect (oauth, magiclink, password recovery, etc).
243
+ *
244
+ * @category Auth
243
245
  */
244
246
  async initialize() {
245
247
  if (this.initializePromise) {
@@ -328,6 +330,74 @@ class GoTrueClient {
328
330
  * Creates a new anonymous user.
329
331
  *
330
332
  * @returns A session where the is_anonymous claim in the access token JWT set to true
333
+ *
334
+ * @category Auth
335
+ *
336
+ * @remarks
337
+ * - Returns an anonymous user
338
+ * - It is recommended to set up captcha for anonymous sign-ins to prevent abuse. You can pass in the captcha token in the `options` param.
339
+ *
340
+ * @example Create an anonymous user
341
+ * ```js
342
+ * const { data, error } = await supabase.auth.signInAnonymously({
343
+ * options: {
344
+ * captchaToken
345
+ * }
346
+ * });
347
+ * ```
348
+ *
349
+ * @exampleResponse Create an anonymous user
350
+ * ```json
351
+ * {
352
+ * "data": {
353
+ * "user": {
354
+ * "id": "11111111-1111-1111-1111-111111111111",
355
+ * "aud": "authenticated",
356
+ * "role": "authenticated",
357
+ * "email": "",
358
+ * "phone": "",
359
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
360
+ * "app_metadata": {},
361
+ * "user_metadata": {},
362
+ * "identities": [],
363
+ * "created_at": "2024-01-01T00:00:00Z",
364
+ * "updated_at": "2024-01-01T00:00:00Z",
365
+ * "is_anonymous": true
366
+ * },
367
+ * "session": {
368
+ * "access_token": "<ACCESS_TOKEN>",
369
+ * "token_type": "bearer",
370
+ * "expires_in": 3600,
371
+ * "expires_at": 1700000000,
372
+ * "refresh_token": "<REFRESH_TOKEN>",
373
+ * "user": {
374
+ * "id": "11111111-1111-1111-1111-111111111111",
375
+ * "aud": "authenticated",
376
+ * "role": "authenticated",
377
+ * "email": "",
378
+ * "phone": "",
379
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
380
+ * "app_metadata": {},
381
+ * "user_metadata": {},
382
+ * "identities": [],
383
+ * "created_at": "2024-01-01T00:00:00Z",
384
+ * "updated_at": "2024-01-01T00:00:00Z",
385
+ * "is_anonymous": true
386
+ * }
387
+ * }
388
+ * },
389
+ * "error": null
390
+ * }
391
+ * ```
392
+ *
393
+ * @example Create an anonymous user with custom user metadata
394
+ * ```js
395
+ * const { data, error } = await supabase.auth.signInAnonymously({
396
+ * options: {
397
+ * data
398
+ * }
399
+ * })
400
+ * ```
331
401
  */
332
402
  async signInAnonymously(credentials) {
333
403
  var _a, _b, _c;
@@ -607,6 +677,115 @@ class GoTrueClient {
607
677
  * between the cases where the account does not exist or that the
608
678
  * email/phone and password combination is wrong or that the account can only
609
679
  * be accessed via social login.
680
+ *
681
+ * @category Auth
682
+ *
683
+ * @remarks
684
+ * - Requires either an email and password or a phone number and password.
685
+ *
686
+ * @example Sign in with email and password
687
+ * ```js
688
+ * const { data, error } = await supabase.auth.signInWithPassword({
689
+ * email: 'example@email.com',
690
+ * password: 'example-password',
691
+ * })
692
+ * ```
693
+ *
694
+ * @exampleResponse Sign in with email and password
695
+ * ```json
696
+ * {
697
+ * "data": {
698
+ * "user": {
699
+ * "id": "11111111-1111-1111-1111-111111111111",
700
+ * "aud": "authenticated",
701
+ * "role": "authenticated",
702
+ * "email": "example@email.com",
703
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
704
+ * "phone": "",
705
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
706
+ * "app_metadata": {
707
+ * "provider": "email",
708
+ * "providers": [
709
+ * "email"
710
+ * ]
711
+ * },
712
+ * "user_metadata": {},
713
+ * "identities": [
714
+ * {
715
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
716
+ * "id": "11111111-1111-1111-1111-111111111111",
717
+ * "user_id": "11111111-1111-1111-1111-111111111111",
718
+ * "identity_data": {
719
+ * "email": "example@email.com",
720
+ * "email_verified": false,
721
+ * "phone_verified": false,
722
+ * "sub": "11111111-1111-1111-1111-111111111111"
723
+ * },
724
+ * "provider": "email",
725
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
726
+ * "created_at": "2024-01-01T00:00:00Z",
727
+ * "updated_at": "2024-01-01T00:00:00Z",
728
+ * "email": "example@email.com"
729
+ * }
730
+ * ],
731
+ * "created_at": "2024-01-01T00:00:00Z",
732
+ * "updated_at": "2024-01-01T00:00:00Z"
733
+ * },
734
+ * "session": {
735
+ * "access_token": "<ACCESS_TOKEN>",
736
+ * "token_type": "bearer",
737
+ * "expires_in": 3600,
738
+ * "expires_at": 1700000000,
739
+ * "refresh_token": "<REFRESH_TOKEN>",
740
+ * "user": {
741
+ * "id": "11111111-1111-1111-1111-111111111111",
742
+ * "aud": "authenticated",
743
+ * "role": "authenticated",
744
+ * "email": "example@email.com",
745
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
746
+ * "phone": "",
747
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
748
+ * "app_metadata": {
749
+ * "provider": "email",
750
+ * "providers": [
751
+ * "email"
752
+ * ]
753
+ * },
754
+ * "user_metadata": {},
755
+ * "identities": [
756
+ * {
757
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
758
+ * "id": "11111111-1111-1111-1111-111111111111",
759
+ * "user_id": "11111111-1111-1111-1111-111111111111",
760
+ * "identity_data": {
761
+ * "email": "example@email.com",
762
+ * "email_verified": false,
763
+ * "phone_verified": false,
764
+ * "sub": "11111111-1111-1111-1111-111111111111"
765
+ * },
766
+ * "provider": "email",
767
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
768
+ * "created_at": "2024-01-01T00:00:00Z",
769
+ * "updated_at": "2024-01-01T00:00:00Z",
770
+ * "email": "example@email.com"
771
+ * }
772
+ * ],
773
+ * "created_at": "2024-01-01T00:00:00Z",
774
+ * "updated_at": "2024-01-01T00:00:00Z"
775
+ * }
776
+ * }
777
+ * },
778
+ * "error": null
779
+ * }
780
+ * ```
781
+ *
782
+ * @example Sign in with phone and password
783
+ * ```js
784
+ * const { data, error } = await supabase.auth.signInWithPassword({
785
+ * phone: '+13334445555',
786
+ * password: 'some-password',
787
+ * })
788
+ * ```
610
789
  */
611
790
  async signInWithPassword(credentials) {
612
791
  try {
@@ -665,6 +844,81 @@ class GoTrueClient {
665
844
  /**
666
845
  * Log in an existing user via a third-party provider.
667
846
  * This method supports the PKCE flow.
847
+ *
848
+ * @category Auth
849
+ *
850
+ * @remarks
851
+ * - This method is used for signing in using [Social Login (OAuth) providers](/docs/guides/auth#configure-third-party-providers).
852
+ * - It works by redirecting your application to the provider's authorization screen, before bringing back the user to your app.
853
+ *
854
+ * @example Sign in using a third-party provider
855
+ * ```js
856
+ * const { data, error } = await supabase.auth.signInWithOAuth({
857
+ * provider: 'github'
858
+ * })
859
+ * ```
860
+ *
861
+ * @exampleResponse Sign in using a third-party provider
862
+ * ```json
863
+ * {
864
+ * data: {
865
+ * provider: 'github',
866
+ * url: <PROVIDER_URL_TO_REDIRECT_TO>
867
+ * },
868
+ * error: null
869
+ * }
870
+ * ```
871
+ *
872
+ * @exampleDescription Sign in using a third-party provider with redirect
873
+ * - When the OAuth provider successfully authenticates the user, they are redirected to the URL specified in the `redirectTo` parameter. This parameter defaults to the [`SITE_URL`](/docs/guides/auth/redirect-urls#use-wildcards-in-redirect-urls). It does not redirect the user immediately after invoking this method.
874
+ * - See [redirect URLs and wildcards](/docs/guides/auth/redirect-urls#use-wildcards-in-redirect-urls) to add additional redirect URLs to your project.
875
+ *
876
+ * @example Sign in using a third-party provider with redirect
877
+ * ```js
878
+ * const { data, error } = await supabase.auth.signInWithOAuth({
879
+ * provider: 'github',
880
+ * options: {
881
+ * redirectTo: 'https://example.com/welcome'
882
+ * }
883
+ * })
884
+ * ```
885
+ *
886
+ * @exampleDescription Sign in with scopes and access provider tokens
887
+ * If you need additional access from an OAuth provider, in order to access provider specific APIs in the name of the user, you can do this by passing in the scopes the user should authorize for your application. Note that the `scopes` option takes in **a space-separated list** of scopes.
888
+ *
889
+ * Because OAuth sign-in often includes redirects, you should register an `onAuthStateChange` callback immediately after you create the Supabase client. This callback will listen for the presence of `provider_token` and `provider_refresh_token` properties on the `session` object and store them in local storage. The client library will emit these values **only once** immediately after the user signs in. You can then access them by looking them up in local storage, or send them to your backend servers for further processing.
890
+ *
891
+ * Finally, make sure you remove them from local storage on the `SIGNED_OUT` event. If the OAuth provider supports token revocation, make sure you call those APIs either from the frontend or schedule them to be called on the backend.
892
+ *
893
+ * @example Sign in with scopes and access provider tokens
894
+ * ```js
895
+ * // Register this immediately after calling createClient!
896
+ * // Because signInWithOAuth causes a redirect, you need to fetch the
897
+ * // provider tokens from the callback.
898
+ * supabase.auth.onAuthStateChange((event, session) => {
899
+ * if (session && session.provider_token) {
900
+ * window.localStorage.setItem('oauth_provider_token', session.provider_token)
901
+ * }
902
+ *
903
+ * if (session && session.provider_refresh_token) {
904
+ * window.localStorage.setItem('oauth_provider_refresh_token', session.provider_refresh_token)
905
+ * }
906
+ *
907
+ * if (event === 'SIGNED_OUT') {
908
+ * window.localStorage.removeItem('oauth_provider_token')
909
+ * window.localStorage.removeItem('oauth_provider_refresh_token')
910
+ * }
911
+ * })
912
+ *
913
+ * // Call this on your Sign in with GitHub button to initiate OAuth
914
+ * // with GitHub with the requested elevated scopes.
915
+ * await supabase.auth.signInWithOAuth({
916
+ * provider: 'github',
917
+ * options: {
918
+ * scopes: 'repo gist notifications'
919
+ * }
920
+ * })
921
+ * ```
668
922
  */
669
923
  async signInWithOAuth(credentials) {
670
924
  var _a, _b, _c, _d;
@@ -677,73 +931,321 @@ class GoTrueClient {
677
931
  }
678
932
  /**
679
933
  * Log in an existing user by exchanging an Auth Code issued during the PKCE flow.
680
- */
681
- async exchangeCodeForSession(authCode) {
682
- await this.initializePromise;
683
- return this._acquireLock(this.lockAcquireTimeout, async () => {
684
- return this._exchangeCodeForSession(authCode);
685
- });
686
- }
687
- /**
688
- * Signs in a user by verifying a message signed by the user's private key.
689
- * Supports Ethereum (via Sign-In-With-Ethereum) & Solana (Sign-In-With-Solana) standards,
690
- * both of which derive from the EIP-4361 standard
691
- * With slight variation on Solana's side.
692
- * @reference https://eips.ethereum.org/EIPS/eip-4361
693
- */
694
- async signInWithWeb3(credentials) {
695
- const { chain } = credentials;
696
- switch (chain) {
697
- case 'ethereum':
698
- return await this.signInWithEthereum(credentials);
699
- case 'solana':
700
- return await this.signInWithSolana(credentials);
701
- default:
702
- throw new Error(`@supabase/auth-js: Unsupported chain "${chain}"`);
703
- }
704
- }
705
- async signInWithEthereum(credentials) {
706
- var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
707
- // TODO: flatten type
708
- let message;
709
- let signature;
710
- if ('message' in credentials) {
711
- message = credentials.message;
712
- signature = credentials.signature;
713
- }
714
- else {
715
- const { chain, wallet, statement, options } = credentials;
716
- let resolvedWallet;
717
- if (!(0, helpers_1.isBrowser)()) {
718
- if (typeof wallet !== 'object' || !(options === null || options === void 0 ? void 0 : options.url)) {
719
- throw new Error('@supabase/auth-js: Both wallet and url must be specified in non-browser environments.');
720
- }
721
- resolvedWallet = wallet;
722
- }
723
- else if (typeof wallet === 'object') {
724
- resolvedWallet = wallet;
725
- }
726
- else {
727
- const windowAny = window;
728
- if ('ethereum' in windowAny &&
729
- typeof windowAny.ethereum === 'object' &&
730
- 'request' in windowAny.ethereum &&
731
- typeof windowAny.ethereum.request === 'function') {
732
- resolvedWallet = windowAny.ethereum;
733
- }
734
- else {
735
- throw new Error(`@supabase/auth-js: No compatible Ethereum wallet interface on the window object (window.ethereum) detected. Make sure the user already has a wallet installed and connected for this app. Prefer passing the wallet interface object directly to signInWithWeb3({ chain: 'ethereum', wallet: resolvedUserWallet }) instead.`);
736
- }
737
- }
738
- const url = new URL((_a = options === null || options === void 0 ? void 0 : options.url) !== null && _a !== void 0 ? _a : window.location.href);
739
- const accounts = await resolvedWallet
740
- .request({
741
- method: 'eth_requestAccounts',
742
- })
743
- .then((accs) => accs)
744
- .catch(() => {
745
- throw new Error(`@supabase/auth-js: Wallet method eth_requestAccounts is missing or invalid`);
746
- });
934
+ *
935
+ * @category Auth
936
+ *
937
+ * @remarks
938
+ * - Used when `flowType` is set to `pkce` in client options.
939
+ *
940
+ * @example Exchange Auth Code
941
+ * ```js
942
+ * supabase.auth.exchangeCodeForSession('34e770dd-9ff9-416c-87fa-43b31d7ef225')
943
+ * ```
944
+ *
945
+ * @exampleResponse Exchange Auth Code
946
+ * ```json
947
+ * {
948
+ * "data": {
949
+ * session: {
950
+ * access_token: '<ACCESS_TOKEN>',
951
+ * token_type: 'bearer',
952
+ * expires_in: 3600,
953
+ * expires_at: 1700000000,
954
+ * refresh_token: '<REFRESH_TOKEN>',
955
+ * user: {
956
+ * id: '11111111-1111-1111-1111-111111111111',
957
+ * aud: 'authenticated',
958
+ * role: 'authenticated',
959
+ * email: 'example@email.com'
960
+ * email_confirmed_at: '2024-01-01T00:00:00Z',
961
+ * phone: '',
962
+ * confirmation_sent_at: '2024-01-01T00:00:00Z',
963
+ * confirmed_at: '2024-01-01T00:00:00Z',
964
+ * last_sign_in_at: '2024-01-01T00:00:00Z',
965
+ * app_metadata: {
966
+ * "provider": "email",
967
+ * "providers": [
968
+ * "email",
969
+ * "<OTHER_PROVIDER>"
970
+ * ]
971
+ * },
972
+ * user_metadata: {
973
+ * email: 'email@email.com',
974
+ * email_verified: true,
975
+ * full_name: 'User Name',
976
+ * iss: '<ISS>',
977
+ * name: 'User Name',
978
+ * phone_verified: false,
979
+ * provider_id: '<PROVIDER_ID>',
980
+ * sub: '<SUB>'
981
+ * },
982
+ * identities: [
983
+ * {
984
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
985
+ * "id": "11111111-1111-1111-1111-111111111111",
986
+ * "user_id": "11111111-1111-1111-1111-111111111111",
987
+ * "identity_data": {
988
+ * "email": "example@email.com",
989
+ * "email_verified": false,
990
+ * "phone_verified": false,
991
+ * "sub": "11111111-1111-1111-1111-111111111111"
992
+ * },
993
+ * "provider": "email",
994
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
995
+ * "created_at": "2024-01-01T00:00:00Z",
996
+ * "updated_at": "2024-01-01T00:00:00Z",
997
+ * "email": "email@example.com"
998
+ * },
999
+ * {
1000
+ * "identity_id": "33333333-3333-3333-3333-333333333333",
1001
+ * "id": "<ID>",
1002
+ * "user_id": "<USER_ID>",
1003
+ * "identity_data": {
1004
+ * "email": "example@email.com",
1005
+ * "email_verified": true,
1006
+ * "full_name": "User Name",
1007
+ * "iss": "<ISS>",
1008
+ * "name": "User Name",
1009
+ * "phone_verified": false,
1010
+ * "provider_id": "<PROVIDER_ID>",
1011
+ * "sub": "<SUB>"
1012
+ * },
1013
+ * "provider": "<PROVIDER>",
1014
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1015
+ * "created_at": "2024-01-01T00:00:00Z",
1016
+ * "updated_at": "2024-01-01T00:00:00Z",
1017
+ * "email": "example@email.com"
1018
+ * }
1019
+ * ],
1020
+ * created_at: '2024-01-01T00:00:00Z',
1021
+ * updated_at: '2024-01-01T00:00:00Z',
1022
+ * is_anonymous: false
1023
+ * },
1024
+ * provider_token: '<PROVIDER_TOKEN>',
1025
+ * provider_refresh_token: '<PROVIDER_REFRESH_TOKEN>'
1026
+ * },
1027
+ * user: {
1028
+ * id: '11111111-1111-1111-1111-111111111111',
1029
+ * aud: 'authenticated',
1030
+ * role: 'authenticated',
1031
+ * email: 'example@email.com',
1032
+ * email_confirmed_at: '2024-01-01T00:00:00Z',
1033
+ * phone: '',
1034
+ * confirmation_sent_at: '2024-01-01T00:00:00Z',
1035
+ * confirmed_at: '2024-01-01T00:00:00Z',
1036
+ * last_sign_in_at: '2024-01-01T00:00:00Z',
1037
+ * app_metadata: {
1038
+ * provider: 'email',
1039
+ * providers: [
1040
+ * "email",
1041
+ * "<OTHER_PROVIDER>"
1042
+ * ]
1043
+ * },
1044
+ * user_metadata: {
1045
+ * email: 'email@email.com',
1046
+ * email_verified: true,
1047
+ * full_name: 'User Name',
1048
+ * iss: '<ISS>',
1049
+ * name: 'User Name',
1050
+ * phone_verified: false,
1051
+ * provider_id: '<PROVIDER_ID>',
1052
+ * sub: '<SUB>'
1053
+ * },
1054
+ * identities: [
1055
+ * {
1056
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
1057
+ * "id": "11111111-1111-1111-1111-111111111111",
1058
+ * "user_id": "11111111-1111-1111-1111-111111111111",
1059
+ * "identity_data": {
1060
+ * "email": "example@email.com",
1061
+ * "email_verified": false,
1062
+ * "phone_verified": false,
1063
+ * "sub": "11111111-1111-1111-1111-111111111111"
1064
+ * },
1065
+ * "provider": "email",
1066
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1067
+ * "created_at": "2024-01-01T00:00:00Z",
1068
+ * "updated_at": "2024-01-01T00:00:00Z",
1069
+ * "email": "email@example.com"
1070
+ * },
1071
+ * {
1072
+ * "identity_id": "33333333-3333-3333-3333-333333333333",
1073
+ * "id": "<ID>",
1074
+ * "user_id": "<USER_ID>",
1075
+ * "identity_data": {
1076
+ * "email": "example@email.com",
1077
+ * "email_verified": true,
1078
+ * "full_name": "User Name",
1079
+ * "iss": "<ISS>",
1080
+ * "name": "User Name",
1081
+ * "phone_verified": false,
1082
+ * "provider_id": "<PROVIDER_ID>",
1083
+ * "sub": "<SUB>"
1084
+ * },
1085
+ * "provider": "<PROVIDER>",
1086
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1087
+ * "created_at": "2024-01-01T00:00:00Z",
1088
+ * "updated_at": "2024-01-01T00:00:00Z",
1089
+ * "email": "example@email.com"
1090
+ * }
1091
+ * ],
1092
+ * created_at: '2024-01-01T00:00:00Z',
1093
+ * updated_at: '2024-01-01T00:00:00Z',
1094
+ * is_anonymous: false
1095
+ * },
1096
+ * redirectType: null
1097
+ * },
1098
+ * "error": null
1099
+ * }
1100
+ * ```
1101
+ */
1102
+ async exchangeCodeForSession(authCode) {
1103
+ await this.initializePromise;
1104
+ return this._acquireLock(this.lockAcquireTimeout, async () => {
1105
+ return this._exchangeCodeForSession(authCode);
1106
+ });
1107
+ }
1108
+ /**
1109
+ * Signs in a user by verifying a message signed by the user's private key.
1110
+ * Supports Ethereum (via Sign-In-With-Ethereum) & Solana (Sign-In-With-Solana) standards,
1111
+ * both of which derive from the EIP-4361 standard
1112
+ * With slight variation on Solana's side.
1113
+ * @reference https://eips.ethereum.org/EIPS/eip-4361
1114
+ *
1115
+ * @category Auth
1116
+ *
1117
+ * @remarks
1118
+ * - Uses a Web3 (Ethereum, Solana) wallet to sign a user in.
1119
+ * - Read up on the [potential for abuse](/docs/guides/auth/auth-web3#potential-for-abuse) before using it.
1120
+ *
1121
+ * @example Sign in with Solana or Ethereum (Window API)
1122
+ * ```js
1123
+ * // uses window.ethereum for the wallet
1124
+ * const { data, error } = await supabase.auth.signInWithWeb3({
1125
+ * chain: 'ethereum',
1126
+ * statement: 'I accept the Terms of Service at https://example.com/tos'
1127
+ * })
1128
+ *
1129
+ * // uses window.solana for the wallet
1130
+ * const { data, error } = await supabase.auth.signInWithWeb3({
1131
+ * chain: 'solana',
1132
+ * statement: 'I accept the Terms of Service at https://example.com/tos'
1133
+ * })
1134
+ * ```
1135
+ *
1136
+ * @example Sign in with Ethereum (Message and Signature)
1137
+ * ```js
1138
+ * const { data, error } = await supabase.auth.signInWithWeb3({
1139
+ * chain: 'ethereum',
1140
+ * message: '<sign in with ethereum message>',
1141
+ * signature: '<hex of the ethereum signature over the message>',
1142
+ * })
1143
+ * ```
1144
+ *
1145
+ * @example Sign in with Solana (Brave)
1146
+ * ```js
1147
+ * const { data, error } = await supabase.auth.signInWithWeb3({
1148
+ * chain: 'solana',
1149
+ * statement: 'I accept the Terms of Service at https://example.com/tos',
1150
+ * wallet: window.braveSolana
1151
+ * })
1152
+ * ```
1153
+ *
1154
+ * @example Sign in with Solana (Wallet Adapter)
1155
+ * ```jsx
1156
+ * function SignInButton() {
1157
+ * const wallet = useWallet()
1158
+ *
1159
+ * return (
1160
+ * <>
1161
+ * {wallet.connected ? (
1162
+ * <button
1163
+ * onClick={() => {
1164
+ * supabase.auth.signInWithWeb3({
1165
+ * chain: 'solana',
1166
+ * statement: 'I accept the Terms of Service at https://example.com/tos',
1167
+ * wallet,
1168
+ * })
1169
+ * }}
1170
+ * >
1171
+ * Sign in with Solana
1172
+ * </button>
1173
+ * ) : (
1174
+ * <WalletMultiButton />
1175
+ * )}
1176
+ * </>
1177
+ * )
1178
+ * }
1179
+ *
1180
+ * function App() {
1181
+ * const endpoint = clusterApiUrl('devnet')
1182
+ * const wallets = useMemo(() => [], [])
1183
+ *
1184
+ * return (
1185
+ * <ConnectionProvider endpoint={endpoint}>
1186
+ * <WalletProvider wallets={wallets}>
1187
+ * <WalletModalProvider>
1188
+ * <SignInButton />
1189
+ * </WalletModalProvider>
1190
+ * </WalletProvider>
1191
+ * </ConnectionProvider>
1192
+ * )
1193
+ * }
1194
+ * ```
1195
+ */
1196
+ async signInWithWeb3(credentials) {
1197
+ const { chain } = credentials;
1198
+ switch (chain) {
1199
+ case 'ethereum':
1200
+ return await this.signInWithEthereum(credentials);
1201
+ case 'solana':
1202
+ return await this.signInWithSolana(credentials);
1203
+ default:
1204
+ throw new Error(`@supabase/auth-js: Unsupported chain "${chain}"`);
1205
+ }
1206
+ }
1207
+ async signInWithEthereum(credentials) {
1208
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
1209
+ // TODO: flatten type
1210
+ let message;
1211
+ let signature;
1212
+ if ('message' in credentials) {
1213
+ message = credentials.message;
1214
+ signature = credentials.signature;
1215
+ }
1216
+ else {
1217
+ const { chain, wallet, statement, options } = credentials;
1218
+ let resolvedWallet;
1219
+ if (!(0, helpers_1.isBrowser)()) {
1220
+ if (typeof wallet !== 'object' || !(options === null || options === void 0 ? void 0 : options.url)) {
1221
+ throw new Error('@supabase/auth-js: Both wallet and url must be specified in non-browser environments.');
1222
+ }
1223
+ resolvedWallet = wallet;
1224
+ }
1225
+ else if (typeof wallet === 'object') {
1226
+ resolvedWallet = wallet;
1227
+ }
1228
+ else {
1229
+ const windowAny = window;
1230
+ if ('ethereum' in windowAny &&
1231
+ typeof windowAny.ethereum === 'object' &&
1232
+ 'request' in windowAny.ethereum &&
1233
+ typeof windowAny.ethereum.request === 'function') {
1234
+ resolvedWallet = windowAny.ethereum;
1235
+ }
1236
+ else {
1237
+ throw new Error(`@supabase/auth-js: No compatible Ethereum wallet interface on the window object (window.ethereum) detected. Make sure the user already has a wallet installed and connected for this app. Prefer passing the wallet interface object directly to signInWithWeb3({ chain: 'ethereum', wallet: resolvedUserWallet }) instead.`);
1238
+ }
1239
+ }
1240
+ const url = new URL((_a = options === null || options === void 0 ? void 0 : options.url) !== null && _a !== void 0 ? _a : window.location.href);
1241
+ const accounts = await resolvedWallet
1242
+ .request({
1243
+ method: 'eth_requestAccounts',
1244
+ })
1245
+ .then((accs) => accs)
1246
+ .catch(() => {
1247
+ throw new Error(`@supabase/auth-js: Wallet method eth_requestAccounts is missing or invalid`);
1248
+ });
747
1249
  if (!accounts || accounts.length === 0) {
748
1250
  throw new Error(`@supabase/auth-js: No accounts available. Please ensure the wallet is connected.`);
749
1251
  }
@@ -989,6 +1491,77 @@ class GoTrueClient {
989
1491
  /**
990
1492
  * Allows signing in with an OIDC ID token. The authentication provider used
991
1493
  * should be enabled and configured.
1494
+ *
1495
+ * @category Auth
1496
+ *
1497
+ * @remarks
1498
+ * - Use an ID token to sign in.
1499
+ * - Especially useful when implementing sign in using native platform dialogs in mobile or desktop apps using Sign in with Apple or Sign in with Google on iOS and Android.
1500
+ * - You can also use Google's [One Tap](https://developers.google.com/identity/gsi/web/guides/display-google-one-tap) and [Automatic sign-in](https://developers.google.com/identity/gsi/web/guides/automatic-sign-in-sign-out) via this API.
1501
+ *
1502
+ * @example Sign In using ID Token
1503
+ * ```js
1504
+ * const { data, error } = await supabase.auth.signInWithIdToken({
1505
+ * provider: 'google',
1506
+ * token: 'your-id-token'
1507
+ * })
1508
+ * ```
1509
+ *
1510
+ * @exampleResponse Sign In using ID Token
1511
+ * ```json
1512
+ * {
1513
+ * "data": {
1514
+ * "user": {
1515
+ * "id": "11111111-1111-1111-1111-111111111111",
1516
+ * "aud": "authenticated",
1517
+ * "role": "authenticated",
1518
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1519
+ * "app_metadata": {
1520
+ * ...
1521
+ * },
1522
+ * "user_metadata": {
1523
+ * ...
1524
+ * },
1525
+ * "identities": [
1526
+ * {
1527
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
1528
+ * "provider": "google",
1529
+ * }
1530
+ * ],
1531
+ * "created_at": "2024-01-01T00:00:00Z",
1532
+ * "updated_at": "2024-01-01T00:00:00Z",
1533
+ * },
1534
+ * "session": {
1535
+ * "access_token": "<ACCESS_TOKEN>",
1536
+ * "token_type": "bearer",
1537
+ * "expires_in": 3600,
1538
+ * "expires_at": 1700000000,
1539
+ * "refresh_token": "<REFRESH_TOKEN>",
1540
+ * "user": {
1541
+ * "id": "11111111-1111-1111-1111-111111111111",
1542
+ * "aud": "authenticated",
1543
+ * "role": "authenticated",
1544
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1545
+ * "app_metadata": {
1546
+ * ...
1547
+ * },
1548
+ * "user_metadata": {
1549
+ * ...
1550
+ * },
1551
+ * "identities": [
1552
+ * {
1553
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
1554
+ * "provider": "google",
1555
+ * }
1556
+ * ],
1557
+ * "created_at": "2024-01-01T00:00:00Z",
1558
+ * "updated_at": "2024-01-01T00:00:00Z",
1559
+ * }
1560
+ * }
1561
+ * },
1562
+ * "error": null
1563
+ * }
1564
+ * ```
992
1565
  */
993
1566
  async signInWithIdToken(credentials) {
994
1567
  try {
@@ -1041,6 +1614,66 @@ class GoTrueClient {
1041
1614
  * channel is not supported on other providers
1042
1615
  * at this time.
1043
1616
  * This method supports PKCE when an email is passed.
1617
+ *
1618
+ * @category Auth
1619
+ *
1620
+ * @remarks
1621
+ * - Requires either an email or phone number.
1622
+ * - This method is used for passwordless sign-ins where a OTP is sent to the user's email or phone number.
1623
+ * - If the user doesn't exist, `signInWithOtp()` will signup the user instead. To restrict this behavior, you can set `shouldCreateUser` in `SignInWithPasswordlessCredentials.options` to `false`.
1624
+ * - If you're using an email, you can configure whether you want the user to receive a magiclink or a OTP.
1625
+ * - If you're using phone, you can configure whether you want the user to receive a OTP.
1626
+ * - The magic link's destination URL is determined by the [`SITE_URL`](/docs/guides/auth/redirect-urls#use-wildcards-in-redirect-urls).
1627
+ * - See [redirect URLs and wildcards](/docs/guides/auth/redirect-urls#use-wildcards-in-redirect-urls) to add additional redirect URLs to your project.
1628
+ * - Magic links and OTPs share the same implementation. To send users a one-time code instead of a magic link, [modify the magic link email template](/dashboard/project/_/auth/templates) to include `{{ .Token }}` instead of `{{ .ConfirmationURL }}`.
1629
+ * - See our [Twilio Phone Auth Guide](/docs/guides/auth/phone-login?showSMSProvider=Twilio) for details about configuring WhatsApp sign in.
1630
+ *
1631
+ * @exampleDescription Sign in with email
1632
+ * The user will be sent an email which contains either a magiclink or a OTP or both. By default, a given user can only request a OTP once every 60 seconds.
1633
+ *
1634
+ * @example Sign in with email
1635
+ * ```js
1636
+ * const { data, error } = await supabase.auth.signInWithOtp({
1637
+ * email: 'example@email.com',
1638
+ * options: {
1639
+ * emailRedirectTo: 'https://example.com/welcome'
1640
+ * }
1641
+ * })
1642
+ * ```
1643
+ *
1644
+ * @exampleResponse Sign in with email
1645
+ * ```json
1646
+ * {
1647
+ * "data": {
1648
+ * "user": null,
1649
+ * "session": null
1650
+ * },
1651
+ * "error": null
1652
+ * }
1653
+ * ```
1654
+ *
1655
+ * @exampleDescription Sign in with SMS OTP
1656
+ * The user will be sent a SMS which contains a OTP. By default, a given user can only request a OTP once every 60 seconds.
1657
+ *
1658
+ * @example Sign in with SMS OTP
1659
+ * ```js
1660
+ * const { data, error } = await supabase.auth.signInWithOtp({
1661
+ * phone: '+13334445555',
1662
+ * })
1663
+ * ```
1664
+ *
1665
+ * @exampleDescription Sign in with WhatsApp OTP
1666
+ * The user will be sent a WhatsApp message which contains a OTP. By default, a given user can only request a OTP once every 60 seconds. Note that a user will need to have a valid WhatsApp account that is linked to Twilio in order to use this feature.
1667
+ *
1668
+ * @example Sign in with WhatsApp OTP
1669
+ * ```js
1670
+ * const { data, error } = await supabase.auth.signInWithOtp({
1671
+ * phone: '+13334445555',
1672
+ * options: {
1673
+ * channel:'whatsapp',
1674
+ * }
1675
+ * })
1676
+ * ```
1044
1677
  */
1045
1678
  async signInWithOtp(credentials) {
1046
1679
  var _a, _b, _c, _d, _e;
@@ -1096,9 +1729,143 @@ class GoTrueClient {
1096
1729
  }
1097
1730
  /**
1098
1731
  * Log in a user given a User supplied OTP or TokenHash received through mobile or email.
1099
- */
1100
- async verifyOtp(params) {
1101
- var _a, _b;
1732
+ *
1733
+ * @category Auth
1734
+ *
1735
+ * @remarks
1736
+ * - The `verifyOtp` method takes in different verification types.
1737
+ * - If a phone number is used, the type can either be:
1738
+ * 1. `sms` – Used when verifying a one-time password (OTP) sent via SMS during sign-up or sign-in.
1739
+ * 2. `phone_change` – Used when verifying an OTP sent to a new phone number during a phone number update process.
1740
+ * - If an email address is used, the type can be one of the following (note: `signup` and `magiclink` types are deprecated):
1741
+ * 1. `email` – Used when verifying an OTP sent to the user's email during sign-up or sign-in.
1742
+ * 2. `recovery` – Used when verifying an OTP sent for account recovery, typically after a password reset request.
1743
+ * 3. `invite` – Used when verifying an OTP sent as part of an invitation to join a project or organization.
1744
+ * 4. `email_change` – Used when verifying an OTP sent to a new email address during an email update process.
1745
+ * - The verification type used should be determined based on the corresponding auth method called before `verifyOtp` to sign up / sign-in a user.
1746
+ * - The `TokenHash` is contained in the [email templates](/docs/guides/auth/auth-email-templates) and can be used to sign in. You may wish to use the hash for the PKCE flow for Server Side Auth. Read [the Password-based Auth guide](/docs/guides/auth/passwords) for more details.
1747
+ *
1748
+ * @example Verify Signup One-Time Password (OTP)
1749
+ * ```js
1750
+ * const { data, error } = await supabase.auth.verifyOtp({ email, token, type: 'email'})
1751
+ * ```
1752
+ *
1753
+ * @exampleResponse Verify Signup One-Time Password (OTP)
1754
+ * ```json
1755
+ * {
1756
+ * "data": {
1757
+ * "user": {
1758
+ * "id": "11111111-1111-1111-1111-111111111111",
1759
+ * "aud": "authenticated",
1760
+ * "role": "authenticated",
1761
+ * "email": "example@email.com",
1762
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
1763
+ * "phone": "",
1764
+ * "confirmed_at": "2024-01-01T00:00:00Z",
1765
+ * "recovery_sent_at": "2024-01-01T00:00:00Z",
1766
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1767
+ * "app_metadata": {
1768
+ * "provider": "email",
1769
+ * "providers": [
1770
+ * "email"
1771
+ * ]
1772
+ * },
1773
+ * "user_metadata": {
1774
+ * "email": "example@email.com",
1775
+ * "email_verified": false,
1776
+ * "phone_verified": false,
1777
+ * "sub": "11111111-1111-1111-1111-111111111111"
1778
+ * },
1779
+ * "identities": [
1780
+ * {
1781
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
1782
+ * "id": "11111111-1111-1111-1111-111111111111",
1783
+ * "user_id": "11111111-1111-1111-1111-111111111111",
1784
+ * "identity_data": {
1785
+ * "email": "example@email.com",
1786
+ * "email_verified": false,
1787
+ * "phone_verified": false,
1788
+ * "sub": "11111111-1111-1111-1111-111111111111"
1789
+ * },
1790
+ * "provider": "email",
1791
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1792
+ * "created_at": "2024-01-01T00:00:00Z",
1793
+ * "updated_at": "2024-01-01T00:00:00Z",
1794
+ * "email": "example@email.com"
1795
+ * }
1796
+ * ],
1797
+ * "created_at": "2024-01-01T00:00:00Z",
1798
+ * "updated_at": "2024-01-01T00:00:00Z",
1799
+ * "is_anonymous": false
1800
+ * },
1801
+ * "session": {
1802
+ * "access_token": "<ACCESS_TOKEN>",
1803
+ * "token_type": "bearer",
1804
+ * "expires_in": 3600,
1805
+ * "expires_at": 1700000000,
1806
+ * "refresh_token": "<REFRESH_TOKEN>",
1807
+ * "user": {
1808
+ * "id": "11111111-1111-1111-1111-111111111111",
1809
+ * "aud": "authenticated",
1810
+ * "role": "authenticated",
1811
+ * "email": "example@email.com",
1812
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
1813
+ * "phone": "",
1814
+ * "confirmed_at": "2024-01-01T00:00:00Z",
1815
+ * "recovery_sent_at": "2024-01-01T00:00:00Z",
1816
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1817
+ * "app_metadata": {
1818
+ * "provider": "email",
1819
+ * "providers": [
1820
+ * "email"
1821
+ * ]
1822
+ * },
1823
+ * "user_metadata": {
1824
+ * "email": "example@email.com",
1825
+ * "email_verified": false,
1826
+ * "phone_verified": false,
1827
+ * "sub": "11111111-1111-1111-1111-111111111111"
1828
+ * },
1829
+ * "identities": [
1830
+ * {
1831
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
1832
+ * "id": "11111111-1111-1111-1111-111111111111",
1833
+ * "user_id": "11111111-1111-1111-1111-111111111111",
1834
+ * "identity_data": {
1835
+ * "email": "example@email.com",
1836
+ * "email_verified": false,
1837
+ * "phone_verified": false,
1838
+ * "sub": "11111111-1111-1111-1111-111111111111"
1839
+ * },
1840
+ * "provider": "email",
1841
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
1842
+ * "created_at": "2024-01-01T00:00:00Z",
1843
+ * "updated_at": "2024-01-01T00:00:00Z",
1844
+ * "email": "example@email.com"
1845
+ * }
1846
+ * ],
1847
+ * "created_at": "2024-01-01T00:00:00Z",
1848
+ * "updated_at": "2024-01-01T00:00:00Z",
1849
+ * "is_anonymous": false
1850
+ * }
1851
+ * }
1852
+ * },
1853
+ * "error": null
1854
+ * }
1855
+ * ```
1856
+ *
1857
+ * @example Verify SMS One-Time Password (OTP)
1858
+ * ```js
1859
+ * const { data, error } = await supabase.auth.verifyOtp({ phone, token, type: 'sms'})
1860
+ * ```
1861
+ *
1862
+ * @example Verify Email Auth (Token Hash)
1863
+ * ```js
1864
+ * const { data, error } = await supabase.auth.verifyOtp({ token_hash: tokenHash, type: 'email'})
1865
+ * ```
1866
+ */
1867
+ async verifyOtp(params) {
1868
+ var _a, _b;
1102
1869
  try {
1103
1870
  let redirectTo = undefined;
1104
1871
  let captchaToken = undefined;
@@ -1147,6 +1914,45 @@ class GoTrueClient {
1147
1914
  *
1148
1915
  * If you have built an organization-specific login page, you can use the
1149
1916
  * organization's SSO Identity Provider UUID directly instead.
1917
+ *
1918
+ * @category Auth
1919
+ *
1920
+ * @remarks
1921
+ * - Before you can call this method you need to [establish a connection](/docs/guides/auth/sso/auth-sso-saml#managing-saml-20-connections) to an identity provider. Use the [CLI commands](/docs/reference/cli/supabase-sso) to do this.
1922
+ * - If you've associated an email domain to the identity provider, you can use the `domain` property to start a sign-in flow.
1923
+ * - In case you need to use a different way to start the authentication flow with an identity provider, you can use the `providerId` property. For example:
1924
+ * - Mapping specific user email addresses with an identity provider.
1925
+ * - Using different hints to identity the identity provider to be used by the user, like a company-specific page, IP address or other tracking information.
1926
+ *
1927
+ * @example Sign in with email domain
1928
+ * ```js
1929
+ * // You can extract the user's email domain and use it to trigger the
1930
+ * // authentication flow with the correct identity provider.
1931
+ *
1932
+ * const { data, error } = await supabase.auth.signInWithSSO({
1933
+ * domain: 'company.com'
1934
+ * })
1935
+ *
1936
+ * if (data?.url) {
1937
+ * // redirect the user to the identity provider's authentication flow
1938
+ * window.location.href = data.url
1939
+ * }
1940
+ * ```
1941
+ *
1942
+ * @example Sign in with provider UUID
1943
+ * ```js
1944
+ * // Useful when you need to map a user's sign in request according
1945
+ * // to different rules that can't use email domains.
1946
+ *
1947
+ * const { data, error } = await supabase.auth.signInWithSSO({
1948
+ * providerId: '21648a9d-8d5a-4555-a9d1-d6375dc14e92'
1949
+ * })
1950
+ *
1951
+ * if (data?.url) {
1952
+ * // redirect the user to the identity provider's authentication flow
1953
+ * window.location.href = data.url
1954
+ * }
1955
+ * ```
1150
1956
  */
1151
1957
  async signInWithSSO(params) {
1152
1958
  var _a, _b, _c, _d, _e;
@@ -1181,6 +1987,23 @@ class GoTrueClient {
1181
1987
  /**
1182
1988
  * Sends a reauthentication OTP to the user's email or phone number.
1183
1989
  * Requires the user to be signed-in.
1990
+ *
1991
+ * @category Auth
1992
+ *
1993
+ * @remarks
1994
+ * - This method is used together with `updateUser()` when a user's password needs to be updated.
1995
+ * - If you require your user to reauthenticate before updating their password, you need to enable the **Secure password change** option in your [project's email provider settings](/dashboard/project/_/auth/providers).
1996
+ * - A user is only require to reauthenticate before updating their password if **Secure password change** is enabled and the user **hasn't recently signed in**. A user is deemed recently signed in if the session was created in the last 24 hours.
1997
+ * - This method will send a nonce to the user's email. If the user doesn't have a confirmed email address, the method will send the nonce to the user's confirmed phone number instead.
1998
+ * - After receiving the OTP, include it as the `nonce` in your `updateUser()` call to finalize the password change.
1999
+ *
2000
+ * @exampleDescription Send reauthentication nonce
2001
+ * Sends a reauthentication nonce to the user's email or phone number.
2002
+ *
2003
+ * @example Send reauthentication nonce
2004
+ * ```js
2005
+ * const { error } = await supabase.auth.reauthenticate()
2006
+ * ```
1184
2007
  */
1185
2008
  async reauthenticate() {
1186
2009
  await this.initializePromise;
@@ -1212,6 +2035,62 @@ class GoTrueClient {
1212
2035
  }
1213
2036
  /**
1214
2037
  * Resends an existing signup confirmation email, email change email, SMS OTP or phone change OTP.
2038
+ *
2039
+ * @category Auth
2040
+ *
2041
+ * @remarks
2042
+ * - Resends a signup confirmation, email change or phone change email to the user.
2043
+ * - Passwordless sign-ins can be resent by calling the `signInWithOtp()` method again.
2044
+ * - Password recovery emails can be resent by calling the `resetPasswordForEmail()` method again.
2045
+ * - This method will only resend an email or phone OTP to the user if there was an initial signup, email change or phone change request being made(note: For existing users signing in with OTP, you should use `signInWithOtp()` again to resend the OTP).
2046
+ * - You can specify a redirect url when you resend an email link using the `emailRedirectTo` option.
2047
+ *
2048
+ * @exampleDescription Resend an email signup confirmation
2049
+ * Resends the email signup confirmation to the user
2050
+ *
2051
+ * @example Resend an email signup confirmation
2052
+ * ```js
2053
+ * const { error } = await supabase.auth.resend({
2054
+ * type: 'signup',
2055
+ * email: 'email@example.com',
2056
+ * options: {
2057
+ * emailRedirectTo: 'https://example.com/welcome'
2058
+ * }
2059
+ * })
2060
+ * ```
2061
+ *
2062
+ * @exampleDescription Resend a phone signup confirmation
2063
+ * Resends the phone signup confirmation email to the user
2064
+ *
2065
+ * @example Resend a phone signup confirmation
2066
+ * ```js
2067
+ * const { error } = await supabase.auth.resend({
2068
+ * type: 'sms',
2069
+ * phone: '1234567890'
2070
+ * })
2071
+ * ```
2072
+ *
2073
+ * @exampleDescription Resend email change email
2074
+ * Resends the email change email to the user
2075
+ *
2076
+ * @example Resend email change email
2077
+ * ```js
2078
+ * const { error } = await supabase.auth.resend({
2079
+ * type: 'email_change',
2080
+ * email: 'email@example.com'
2081
+ * })
2082
+ * ```
2083
+ *
2084
+ * @exampleDescription Resend phone change OTP
2085
+ * Resends the phone change OTP to the user
2086
+ *
2087
+ * @example Resend phone change OTP
2088
+ * ```js
2089
+ * const { error } = await supabase.auth.resend({
2090
+ * type: 'phone_change',
2091
+ * phone: '1234567890'
2092
+ * })
2093
+ * ```
1215
2094
  */
1216
2095
  async resend(credentials) {
1217
2096
  try {
@@ -1263,6 +2142,80 @@ class GoTrueClient {
1263
2142
  * the values in it may not be authentic and therefore it's strongly advised
1264
2143
  * against using this method and its results in such circumstances. A warning
1265
2144
  * will be emitted if this is detected. Use {@link #getUser()} instead.
2145
+ *
2146
+ * @category Auth
2147
+ *
2148
+ * @remarks
2149
+ * - Since the introduction of [asymmetric JWT signing keys](/docs/guides/auth/signing-keys), this method is considered low-level and we encourage you to use `getClaims()` or `getUser()` instead.
2150
+ * - Retrieves the current [user session](/docs/guides/auth/sessions) from the storage medium (local storage, cookies).
2151
+ * - The session contains an access token (signed JWT), a refresh token and the user object.
2152
+ * - If the session's access token is expired or is about to expire, this method will use the refresh token to refresh the session.
2153
+ * - When using in a browser, or you've called `startAutoRefresh()` in your environment (React Native, etc.) this function always returns a valid access token without refreshing the session itself, as this is done in the background. This function returns very fast.
2154
+ * - **IMPORTANT SECURITY NOTICE:** If using an insecure storage medium, such as cookies or request headers, the user object returned by this function **must not be trusted**. Always verify the JWT using `getClaims()` or your own JWT verification library to securely establish the user's identity and access. You can also use `getUser()` to fetch the user object directly from the Auth server for this purpose.
2155
+ * - When using in a browser, this function is synchronized across all tabs using the [LockManager](https://developer.mozilla.org/en-US/docs/Web/API/LockManager) API. In other environments make sure you've defined a proper `lock` property, if necessary, to make sure there are no race conditions while the session is being refreshed.
2156
+ *
2157
+ * @example Get the session data
2158
+ * ```js
2159
+ * const { data, error } = await supabase.auth.getSession()
2160
+ * ```
2161
+ *
2162
+ * @exampleResponse Get the session data
2163
+ * ```json
2164
+ * {
2165
+ * "data": {
2166
+ * "session": {
2167
+ * "access_token": "<ACCESS_TOKEN>",
2168
+ * "token_type": "bearer",
2169
+ * "expires_in": 3600,
2170
+ * "expires_at": 1700000000,
2171
+ * "refresh_token": "<REFRESH_TOKEN>",
2172
+ * "user": {
2173
+ * "id": "11111111-1111-1111-1111-111111111111",
2174
+ * "aud": "authenticated",
2175
+ * "role": "authenticated",
2176
+ * "email": "example@email.com",
2177
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
2178
+ * "phone": "",
2179
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2180
+ * "app_metadata": {
2181
+ * "provider": "email",
2182
+ * "providers": [
2183
+ * "email"
2184
+ * ]
2185
+ * },
2186
+ * "user_metadata": {
2187
+ * "email": "example@email.com",
2188
+ * "email_verified": false,
2189
+ * "phone_verified": false,
2190
+ * "sub": "11111111-1111-1111-1111-111111111111"
2191
+ * },
2192
+ * "identities": [
2193
+ * {
2194
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
2195
+ * "id": "11111111-1111-1111-1111-111111111111",
2196
+ * "user_id": "11111111-1111-1111-1111-111111111111",
2197
+ * "identity_data": {
2198
+ * "email": "example@email.com",
2199
+ * "email_verified": false,
2200
+ * "phone_verified": false,
2201
+ * "sub": "11111111-1111-1111-1111-111111111111"
2202
+ * },
2203
+ * "provider": "email",
2204
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2205
+ * "created_at": "2024-01-01T00:00:00Z",
2206
+ * "updated_at": "2024-01-01T00:00:00Z",
2207
+ * "email": "example@email.com"
2208
+ * }
2209
+ * ],
2210
+ * "created_at": "2024-01-01T00:00:00Z",
2211
+ * "updated_at": "2024-01-01T00:00:00Z",
2212
+ * "is_anonymous": false
2213
+ * }
2214
+ * }
2215
+ * },
2216
+ * "error": null
2217
+ * }
2218
+ * ```
1266
2219
  */
1267
2220
  async getSession() {
1268
2221
  await this.initializePromise;
@@ -1421,6 +2374,75 @@ class GoTrueClient {
1421
2374
  * value is authentic and can be used to base authorization rules on.
1422
2375
  *
1423
2376
  * @param jwt Takes in an optional access token JWT. If no JWT is provided, the JWT from the current session is used.
2377
+ *
2378
+ * @category Auth
2379
+ *
2380
+ * @remarks
2381
+ * - This method fetches the user object from the database instead of local session.
2382
+ * - This method is useful for checking if the user is authorized because it validates the user's access token JWT on the server.
2383
+ * - Should always be used when checking for user authorization on the server. On the client, you can instead use `getSession().session.user` for faster results. `getSession` is insecure on the server.
2384
+ *
2385
+ * @example Get the logged in user with the current existing session
2386
+ * ```js
2387
+ * const { data: { user } } = await supabase.auth.getUser()
2388
+ * ```
2389
+ *
2390
+ * @exampleResponse Get the logged in user with the current existing session
2391
+ * ```json
2392
+ * {
2393
+ * "data": {
2394
+ * "user": {
2395
+ * "id": "11111111-1111-1111-1111-111111111111",
2396
+ * "aud": "authenticated",
2397
+ * "role": "authenticated",
2398
+ * "email": "example@email.com",
2399
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
2400
+ * "phone": "",
2401
+ * "confirmed_at": "2024-01-01T00:00:00Z",
2402
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2403
+ * "app_metadata": {
2404
+ * "provider": "email",
2405
+ * "providers": [
2406
+ * "email"
2407
+ * ]
2408
+ * },
2409
+ * "user_metadata": {
2410
+ * "email": "example@email.com",
2411
+ * "email_verified": false,
2412
+ * "phone_verified": false,
2413
+ * "sub": "11111111-1111-1111-1111-111111111111"
2414
+ * },
2415
+ * "identities": [
2416
+ * {
2417
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
2418
+ * "id": "11111111-1111-1111-1111-111111111111",
2419
+ * "user_id": "11111111-1111-1111-1111-111111111111",
2420
+ * "identity_data": {
2421
+ * "email": "example@email.com",
2422
+ * "email_verified": false,
2423
+ * "phone_verified": false,
2424
+ * "sub": "11111111-1111-1111-1111-111111111111"
2425
+ * },
2426
+ * "provider": "email",
2427
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2428
+ * "created_at": "2024-01-01T00:00:00Z",
2429
+ * "updated_at": "2024-01-01T00:00:00Z",
2430
+ * "email": "example@email.com"
2431
+ * }
2432
+ * ],
2433
+ * "created_at": "2024-01-01T00:00:00Z",
2434
+ * "updated_at": "2024-01-01T00:00:00Z",
2435
+ * "is_anonymous": false
2436
+ * }
2437
+ * },
2438
+ * "error": null
2439
+ * }
2440
+ * ```
2441
+ *
2442
+ * @example Get the logged in user with a custom access token jwt
2443
+ * ```js
2444
+ * const { data: { user } } = await supabase.auth.getUser(jwt)
2445
+ * ```
1424
2446
  */
1425
2447
  async getUser(jwt) {
1426
2448
  if (jwt) {
@@ -1476,6 +2498,117 @@ class GoTrueClient {
1476
2498
  }
1477
2499
  /**
1478
2500
  * Updates user data for a logged in user.
2501
+ *
2502
+ * @category Auth
2503
+ *
2504
+ * @remarks
2505
+ * - In order to use the `updateUser()` method, the user needs to be signed in first.
2506
+ * - By default, email updates sends a confirmation link to both the user's current and new email.
2507
+ * To only send a confirmation link to the user's new email, disable **Secure email change** in your project's [email auth provider settings](/dashboard/project/_/auth/providers).
2508
+ *
2509
+ * @exampleDescription Update the email for an authenticated user
2510
+ * Sends a "Confirm Email Change" email to the new address. If **Secure Email Change** is enabled (default), confirmation is also required from the **old email** before the change is applied. To skip dual confirmation and apply the change after only the new email is verified, disable **Secure Email Change** in the [Email Auth Provider settings](/dashboard/project/_/auth/providers?provider=Email).
2511
+ *
2512
+ * @example Update the email for an authenticated user
2513
+ * ```js
2514
+ * const { data, error } = await supabase.auth.updateUser({
2515
+ * email: 'new@email.com'
2516
+ * })
2517
+ * ```
2518
+ *
2519
+ * @exampleResponse Update the email for an authenticated user
2520
+ * ```json
2521
+ * {
2522
+ * "data": {
2523
+ * "user": {
2524
+ * "id": "11111111-1111-1111-1111-111111111111",
2525
+ * "aud": "authenticated",
2526
+ * "role": "authenticated",
2527
+ * "email": "example@email.com",
2528
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
2529
+ * "phone": "",
2530
+ * "confirmed_at": "2024-01-01T00:00:00Z",
2531
+ * "new_email": "new@email.com",
2532
+ * "email_change_sent_at": "2024-01-01T00:00:00Z",
2533
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2534
+ * "app_metadata": {
2535
+ * "provider": "email",
2536
+ * "providers": [
2537
+ * "email"
2538
+ * ]
2539
+ * },
2540
+ * "user_metadata": {
2541
+ * "email": "example@email.com",
2542
+ * "email_verified": false,
2543
+ * "phone_verified": false,
2544
+ * "sub": "11111111-1111-1111-1111-111111111111"
2545
+ * },
2546
+ * "identities": [
2547
+ * {
2548
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
2549
+ * "id": "11111111-1111-1111-1111-111111111111",
2550
+ * "user_id": "11111111-1111-1111-1111-111111111111",
2551
+ * "identity_data": {
2552
+ * "email": "example@email.com",
2553
+ * "email_verified": false,
2554
+ * "phone_verified": false,
2555
+ * "sub": "11111111-1111-1111-1111-111111111111"
2556
+ * },
2557
+ * "provider": "email",
2558
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2559
+ * "created_at": "2024-01-01T00:00:00Z",
2560
+ * "updated_at": "2024-01-01T00:00:00Z",
2561
+ * "email": "example@email.com"
2562
+ * }
2563
+ * ],
2564
+ * "created_at": "2024-01-01T00:00:00Z",
2565
+ * "updated_at": "2024-01-01T00:00:00Z",
2566
+ * "is_anonymous": false
2567
+ * }
2568
+ * },
2569
+ * "error": null
2570
+ * }
2571
+ * ```
2572
+ *
2573
+ * @exampleDescription Update the phone number for an authenticated user
2574
+ * Sends a one-time password (OTP) to the new phone number.
2575
+ *
2576
+ * @example Update the phone number for an authenticated user
2577
+ * ```js
2578
+ * const { data, error } = await supabase.auth.updateUser({
2579
+ * phone: '123456789'
2580
+ * })
2581
+ * ```
2582
+ *
2583
+ * @example Update the password for an authenticated user
2584
+ * ```js
2585
+ * const { data, error } = await supabase.auth.updateUser({
2586
+ * password: 'new password'
2587
+ * })
2588
+ * ```
2589
+ *
2590
+ * @exampleDescription Update the user's metadata
2591
+ * Updates the user's custom metadata.
2592
+ *
2593
+ * **Note**: The `data` field maps to the `auth.users.raw_user_meta_data` column in your Supabase database. When calling `getUser()`, the data will be available as `user.user_metadata`.
2594
+ *
2595
+ * @example Update the user's metadata
2596
+ * ```js
2597
+ * const { data, error } = await supabase.auth.updateUser({
2598
+ * data: { hello: 'world' }
2599
+ * })
2600
+ * ```
2601
+ *
2602
+ * @exampleDescription Update the user's password with a nonce
2603
+ * If **Secure password change** is enabled in your [project's email provider settings](/dashboard/project/_/auth/providers), updating the user's password would require a nonce if the user **hasn't recently signed in**. The nonce is sent to the user's email or phone number. A user is deemed recently signed in if the session was created in the last 24 hours.
2604
+ *
2605
+ * @example Update the user's password with a nonce
2606
+ * ```js
2607
+ * const { data, error } = await supabase.auth.updateUser({
2608
+ * password: 'new password',
2609
+ * nonce: '123456'
2610
+ * })
2611
+ * ```
1479
2612
  */
1480
2613
  async updateUser(attributes, options = {}) {
1481
2614
  await this.initializePromise;
@@ -1528,6 +2661,125 @@ class GoTrueClient {
1528
2661
  * Sets the session data from the current session. If the current session is expired, setSession will take care of refreshing it to obtain a new session.
1529
2662
  * If the refresh token or access token in the current session is invalid, an error will be thrown.
1530
2663
  * @param currentSession The current session that minimally contains an access token and refresh token.
2664
+ *
2665
+ * @category Auth
2666
+ *
2667
+ * @remarks
2668
+ * - This method sets the session using an `access_token` and `refresh_token`.
2669
+ * - If successful, a `SIGNED_IN` event is emitted.
2670
+ *
2671
+ * @exampleDescription Set the session
2672
+ * Sets the session data from an access_token and refresh_token, then returns an auth response or error.
2673
+ *
2674
+ * @example Set the session
2675
+ * ```js
2676
+ * const { data, error } = await supabase.auth.setSession({
2677
+ * access_token,
2678
+ * refresh_token
2679
+ * })
2680
+ * ```
2681
+ *
2682
+ * @exampleResponse Set the session
2683
+ * ```json
2684
+ * {
2685
+ * "data": {
2686
+ * "user": {
2687
+ * "id": "11111111-1111-1111-1111-111111111111",
2688
+ * "aud": "authenticated",
2689
+ * "role": "authenticated",
2690
+ * "email": "example@email.com",
2691
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
2692
+ * "phone": "",
2693
+ * "confirmed_at": "2024-01-01T00:00:00Z",
2694
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2695
+ * "app_metadata": {
2696
+ * "provider": "email",
2697
+ * "providers": [
2698
+ * "email"
2699
+ * ]
2700
+ * },
2701
+ * "user_metadata": {
2702
+ * "email": "example@email.com",
2703
+ * "email_verified": false,
2704
+ * "phone_verified": false,
2705
+ * "sub": "11111111-1111-1111-1111-111111111111"
2706
+ * },
2707
+ * "identities": [
2708
+ * {
2709
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
2710
+ * "id": "11111111-1111-1111-1111-111111111111",
2711
+ * "user_id": "11111111-1111-1111-1111-111111111111",
2712
+ * "identity_data": {
2713
+ * "email": "example@email.com",
2714
+ * "email_verified": false,
2715
+ * "phone_verified": false,
2716
+ * "sub": "11111111-1111-1111-1111-111111111111"
2717
+ * },
2718
+ * "provider": "email",
2719
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2720
+ * "created_at": "2024-01-01T00:00:00Z",
2721
+ * "updated_at": "2024-01-01T00:00:00Z",
2722
+ * "email": "example@email.com"
2723
+ * }
2724
+ * ],
2725
+ * "created_at": "2024-01-01T00:00:00Z",
2726
+ * "updated_at": "2024-01-01T00:00:00Z",
2727
+ * "is_anonymous": false
2728
+ * },
2729
+ * "session": {
2730
+ * "access_token": "<ACCESS_TOKEN>",
2731
+ * "refresh_token": "<REFRESH_TOKEN>",
2732
+ * "user": {
2733
+ * "id": "11111111-1111-1111-1111-111111111111",
2734
+ * "aud": "authenticated",
2735
+ * "role": "authenticated",
2736
+ * "email": "example@email.com",
2737
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
2738
+ * "phone": "",
2739
+ * "confirmed_at": "2024-01-01T00:00:00Z",
2740
+ * "last_sign_in_at": "11111111-1111-1111-1111-111111111111",
2741
+ * "app_metadata": {
2742
+ * "provider": "email",
2743
+ * "providers": [
2744
+ * "email"
2745
+ * ]
2746
+ * },
2747
+ * "user_metadata": {
2748
+ * "email": "example@email.com",
2749
+ * "email_verified": false,
2750
+ * "phone_verified": false,
2751
+ * "sub": "11111111-1111-1111-1111-111111111111"
2752
+ * },
2753
+ * "identities": [
2754
+ * {
2755
+ * "identity_id": "2024-01-01T00:00:00Z",
2756
+ * "id": "11111111-1111-1111-1111-111111111111",
2757
+ * "user_id": "11111111-1111-1111-1111-111111111111",
2758
+ * "identity_data": {
2759
+ * "email": "example@email.com",
2760
+ * "email_verified": false,
2761
+ * "phone_verified": false,
2762
+ * "sub": "11111111-1111-1111-1111-111111111111"
2763
+ * },
2764
+ * "provider": "email",
2765
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2766
+ * "created_at": "2024-01-01T00:00:00Z",
2767
+ * "updated_at": "2024-01-01T00:00:00Z",
2768
+ * "email": "example@email.com"
2769
+ * }
2770
+ * ],
2771
+ * "created_at": "2024-01-01T00:00:00Z",
2772
+ * "updated_at": "2024-01-01T00:00:00Z",
2773
+ * "is_anonymous": false
2774
+ * },
2775
+ * "token_type": "bearer",
2776
+ * "expires_in": 3500,
2777
+ * "expires_at": 1700000000
2778
+ * }
2779
+ * },
2780
+ * "error": null
2781
+ * }
2782
+ * ```
1531
2783
  */
1532
2784
  async setSession(currentSession) {
1533
2785
  await this.initializePromise;
@@ -1589,6 +2841,125 @@ class GoTrueClient {
1589
2841
  * Takes in an optional current session. If not passed in, then refreshSession() will attempt to retrieve it from getSession().
1590
2842
  * If the current session's refresh token is invalid, an error will be thrown.
1591
2843
  * @param currentSession The current session. If passed in, it must contain a refresh token.
2844
+ *
2845
+ * @category Auth
2846
+ *
2847
+ * @remarks
2848
+ * - This method will refresh and return a new session whether the current one is expired or not.
2849
+ *
2850
+ * @example Refresh session using the current session
2851
+ * ```js
2852
+ * const { data, error } = await supabase.auth.refreshSession()
2853
+ * const { session, user } = data
2854
+ * ```
2855
+ *
2856
+ * @exampleResponse Refresh session using the current session
2857
+ * ```json
2858
+ * {
2859
+ * "data": {
2860
+ * "user": {
2861
+ * "id": "11111111-1111-1111-1111-111111111111",
2862
+ * "aud": "authenticated",
2863
+ * "role": "authenticated",
2864
+ * "email": "example@email.com",
2865
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
2866
+ * "phone": "",
2867
+ * "confirmed_at": "2024-01-01T00:00:00Z",
2868
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2869
+ * "app_metadata": {
2870
+ * "provider": "email",
2871
+ * "providers": [
2872
+ * "email"
2873
+ * ]
2874
+ * },
2875
+ * "user_metadata": {
2876
+ * "email": "example@email.com",
2877
+ * "email_verified": false,
2878
+ * "phone_verified": false,
2879
+ * "sub": "11111111-1111-1111-1111-111111111111"
2880
+ * },
2881
+ * "identities": [
2882
+ * {
2883
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
2884
+ * "id": "11111111-1111-1111-1111-111111111111",
2885
+ * "user_id": "11111111-1111-1111-1111-111111111111",
2886
+ * "identity_data": {
2887
+ * "email": "example@email.com",
2888
+ * "email_verified": false,
2889
+ * "phone_verified": false,
2890
+ * "sub": "11111111-1111-1111-1111-111111111111"
2891
+ * },
2892
+ * "provider": "email",
2893
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2894
+ * "created_at": "2024-01-01T00:00:00Z",
2895
+ * "updated_at": "2024-01-01T00:00:00Z",
2896
+ * "email": "example@email.com"
2897
+ * }
2898
+ * ],
2899
+ * "created_at": "2024-01-01T00:00:00Z",
2900
+ * "updated_at": "2024-01-01T00:00:00Z",
2901
+ * "is_anonymous": false
2902
+ * },
2903
+ * "session": {
2904
+ * "access_token": "<ACCESS_TOKEN>",
2905
+ * "token_type": "bearer",
2906
+ * "expires_in": 3600,
2907
+ * "expires_at": 1700000000,
2908
+ * "refresh_token": "<REFRESH_TOKEN>",
2909
+ * "user": {
2910
+ * "id": "11111111-1111-1111-1111-111111111111",
2911
+ * "aud": "authenticated",
2912
+ * "role": "authenticated",
2913
+ * "email": "example@email.com",
2914
+ * "email_confirmed_at": "2024-01-01T00:00:00Z",
2915
+ * "phone": "",
2916
+ * "confirmed_at": "2024-01-01T00:00:00Z",
2917
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2918
+ * "app_metadata": {
2919
+ * "provider": "email",
2920
+ * "providers": [
2921
+ * "email"
2922
+ * ]
2923
+ * },
2924
+ * "user_metadata": {
2925
+ * "email": "example@email.com",
2926
+ * "email_verified": false,
2927
+ * "phone_verified": false,
2928
+ * "sub": "11111111-1111-1111-1111-111111111111"
2929
+ * },
2930
+ * "identities": [
2931
+ * {
2932
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
2933
+ * "id": "11111111-1111-1111-1111-111111111111",
2934
+ * "user_id": "11111111-1111-1111-1111-111111111111",
2935
+ * "identity_data": {
2936
+ * "email": "example@email.com",
2937
+ * "email_verified": false,
2938
+ * "phone_verified": false,
2939
+ * "sub": "11111111-1111-1111-1111-111111111111"
2940
+ * },
2941
+ * "provider": "email",
2942
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
2943
+ * "created_at": "2024-01-01T00:00:00Z",
2944
+ * "updated_at": "2024-01-01T00:00:00Z",
2945
+ * "email": "example@email.com"
2946
+ * }
2947
+ * ],
2948
+ * "created_at": "2024-01-01T00:00:00Z",
2949
+ * "updated_at": "2024-01-01T00:00:00Z",
2950
+ * "is_anonymous": false
2951
+ * }
2952
+ * }
2953
+ * },
2954
+ * "error": null
2955
+ * }
2956
+ * ```
2957
+ *
2958
+ * @example Refresh session using a refresh token
2959
+ * ```js
2960
+ * const { data, error } = await supabase.auth.refreshSession({ refresh_token })
2961
+ * const { session, user } = data
2962
+ * ```
1592
2963
  */
1593
2964
  async refreshSession(currentSession) {
1594
2965
  await this.initializePromise;
@@ -1744,6 +3115,28 @@ class GoTrueClient {
1744
3115
  * There is no way to revoke a user's access token jwt until it expires. It is recommended to set a shorter expiry on the jwt for this reason.
1745
3116
  *
1746
3117
  * If using `others` scope, no `SIGNED_OUT` event is fired!
3118
+ *
3119
+ * @category Auth
3120
+ *
3121
+ * @remarks
3122
+ * - In order to use the `signOut()` method, the user needs to be signed in first.
3123
+ * - By default, `signOut()` uses the global scope, which signs out all other sessions that the user is logged into as well. Customize this behavior by passing a scope parameter.
3124
+ * - Since Supabase Auth uses JWTs for authentication, the access token JWT will be valid until it's expired. When the user signs out, Supabase revokes the refresh token and deletes the JWT from the client-side. This does not revoke the JWT and it will still be valid until it expires.
3125
+ *
3126
+ * @example Sign out (all sessions)
3127
+ * ```js
3128
+ * const { error } = await supabase.auth.signOut()
3129
+ * ```
3130
+ *
3131
+ * @example Sign out (current session)
3132
+ * ```js
3133
+ * const { error } = await supabase.auth.signOut({ scope: 'local' })
3134
+ * ```
3135
+ *
3136
+ * @example Sign out (other sessions)
3137
+ * ```js
3138
+ * const { error } = await supabase.auth.signOut({ scope: 'others' })
3139
+ * ```
1747
3140
  */
1748
3141
  async signOut(options = { scope: 'global' }) {
1749
3142
  await this.initializePromise;
@@ -1778,6 +3171,193 @@ class GoTrueClient {
1778
3171
  return this._returnResult({ error: null });
1779
3172
  });
1780
3173
  }
3174
+ /** *
3175
+ * @category Auth
3176
+ *
3177
+ * @remarks
3178
+ * - Subscribes to important events occurring on the user's session.
3179
+ * - Use on the frontend/client. It is less useful on the server.
3180
+ * - Events are emitted across tabs to keep your application's UI up-to-date. Some events can fire very frequently, based on the number of tabs open. Use a quick and efficient callback function, and defer or debounce as many operations as you can to be performed outside of the callback.
3181
+ * - **Important:** A callback can be an `async` function and it runs synchronously during the processing of the changes causing the event. You can easily create a dead-lock by using `await` on a call to another method of the Supabase library.
3182
+ * - Avoid using `async` functions as callbacks.
3183
+ * - Limit the number of `await` calls in `async` callbacks.
3184
+ * - Do not use other Supabase functions in the callback function. If you must, dispatch the functions once the callback has finished executing. Use this as a quick way to achieve this:
3185
+ * ```js
3186
+ * supabase.auth.onAuthStateChange((event, session) => {
3187
+ * setTimeout(async () => {
3188
+ * // await on other Supabase function here
3189
+ * // this runs right after the callback has finished
3190
+ * }, 0)
3191
+ * })
3192
+ * ```
3193
+ * - Emitted events:
3194
+ * - `INITIAL_SESSION`
3195
+ * - Emitted right after the Supabase client is constructed and the initial session from storage is loaded.
3196
+ * - `SIGNED_IN`
3197
+ * - Emitted each time a user session is confirmed or re-established, including on user sign in and when refocusing a tab.
3198
+ * - Avoid making assumptions as to when this event is fired, this may occur even when the user is already signed in. Instead, check the user object attached to the event to see if a new user has signed in and update your application's UI.
3199
+ * - This event can fire very frequently depending on the number of tabs open in your application.
3200
+ * - `SIGNED_OUT`
3201
+ * - Emitted when the user signs out. This can be after:
3202
+ * - A call to `supabase.auth.signOut()`.
3203
+ * - After the user's session has expired for any reason:
3204
+ * - User has signed out on another device.
3205
+ * - The session has reached its timebox limit or inactivity timeout.
3206
+ * - User has signed in on another device with single session per user enabled.
3207
+ * - Check the [User Sessions](/docs/guides/auth/sessions) docs for more information.
3208
+ * - Use this to clean up any local storage your application has associated with the user.
3209
+ * - `TOKEN_REFRESHED`
3210
+ * - Emitted each time a new access and refresh token are fetched for the signed in user.
3211
+ * - It's best practice and highly recommended to extract the access token (JWT) and store it in memory for further use in your application.
3212
+ * - Avoid frequent calls to `supabase.auth.getSession()` for the same purpose.
3213
+ * - There is a background process that keeps track of when the session should be refreshed so you will always receive valid tokens by listening to this event.
3214
+ * - The frequency of this event is related to the JWT expiry limit configured on your project.
3215
+ * - `USER_UPDATED`
3216
+ * - Emitted each time the `supabase.auth.updateUser()` method finishes successfully. Listen to it to update your application's UI based on new profile information.
3217
+ * - `PASSWORD_RECOVERY`
3218
+ * - Emitted instead of the `SIGNED_IN` event when the user lands on a page that includes a password recovery link in the URL.
3219
+ * - Use it to show a UI to the user where they can [reset their password](/docs/guides/auth/passwords#resetting-a-users-password-forgot-password).
3220
+ *
3221
+ * @example Listen to auth changes
3222
+ * ```js
3223
+ * const { data } = supabase.auth.onAuthStateChange((event, session) => {
3224
+ * console.log(event, session)
3225
+ *
3226
+ * if (event === 'INITIAL_SESSION') {
3227
+ * // handle initial session
3228
+ * } else if (event === 'SIGNED_IN') {
3229
+ * // handle sign in event
3230
+ * } else if (event === 'SIGNED_OUT') {
3231
+ * // handle sign out event
3232
+ * } else if (event === 'PASSWORD_RECOVERY') {
3233
+ * // handle password recovery event
3234
+ * } else if (event === 'TOKEN_REFRESHED') {
3235
+ * // handle token refreshed event
3236
+ * } else if (event === 'USER_UPDATED') {
3237
+ * // handle user updated event
3238
+ * }
3239
+ * })
3240
+ *
3241
+ * // call unsubscribe to remove the callback
3242
+ * data.subscription.unsubscribe()
3243
+ * ```
3244
+ *
3245
+ * @exampleDescription Listen to sign out
3246
+ * Make sure you clear out any local data, such as local and session storage, after the client library has detected the user's sign out.
3247
+ *
3248
+ * @example Listen to sign out
3249
+ * ```js
3250
+ * supabase.auth.onAuthStateChange((event, session) => {
3251
+ * if (event === 'SIGNED_OUT') {
3252
+ * console.log('SIGNED_OUT', session)
3253
+ *
3254
+ * // clear local and session storage
3255
+ * [
3256
+ * window.localStorage,
3257
+ * window.sessionStorage,
3258
+ * ].forEach((storage) => {
3259
+ * Object.entries(storage)
3260
+ * .forEach(([key]) => {
3261
+ * storage.removeItem(key)
3262
+ * })
3263
+ * })
3264
+ * }
3265
+ * })
3266
+ * ```
3267
+ *
3268
+ * @exampleDescription Store OAuth provider tokens on sign in
3269
+ * When using [OAuth (Social Login)](/docs/guides/auth/social-login) you sometimes wish to get access to the provider's access token and refresh token, in order to call provider APIs in the name of the user.
3270
+ *
3271
+ * For example, if you are using [Sign in with Google](/docs/guides/auth/social-login/auth-google) you may want to use the provider token to call Google APIs on behalf of the user. Supabase Auth does not keep track of the provider access and refresh token, but does return them for you once, immediately after sign in. You can use the `onAuthStateChange` method to listen for the presence of the provider tokens and store them in local storage. You can further send them to your server's APIs for use on the backend.
3272
+ *
3273
+ * Finally, make sure you remove them from local storage on the `SIGNED_OUT` event. If the OAuth provider supports token revocation, make sure you call those APIs either from the frontend or schedule them to be called on the backend.
3274
+ *
3275
+ * @example Store OAuth provider tokens on sign in
3276
+ * ```js
3277
+ * // Register this immediately after calling createClient!
3278
+ * // Because signInWithOAuth causes a redirect, you need to fetch the
3279
+ * // provider tokens from the callback.
3280
+ * supabase.auth.onAuthStateChange((event, session) => {
3281
+ * if (session && session.provider_token) {
3282
+ * window.localStorage.setItem('oauth_provider_token', session.provider_token)
3283
+ * }
3284
+ *
3285
+ * if (session && session.provider_refresh_token) {
3286
+ * window.localStorage.setItem('oauth_provider_refresh_token', session.provider_refresh_token)
3287
+ * }
3288
+ *
3289
+ * if (event === 'SIGNED_OUT') {
3290
+ * window.localStorage.removeItem('oauth_provider_token')
3291
+ * window.localStorage.removeItem('oauth_provider_refresh_token')
3292
+ * }
3293
+ * })
3294
+ * ```
3295
+ *
3296
+ * @exampleDescription Use React Context for the User's session
3297
+ * Instead of relying on `supabase.auth.getSession()` within your React components, you can use a [React Context](https://react.dev/reference/react/createContext) to store the latest session information from the `onAuthStateChange` callback and access it that way.
3298
+ *
3299
+ * @example Use React Context for the User's session
3300
+ * ```js
3301
+ * const SessionContext = React.createContext(null)
3302
+ *
3303
+ * function main() {
3304
+ * const [session, setSession] = React.useState(null)
3305
+ *
3306
+ * React.useEffect(() => {
3307
+ * const {data: { subscription }} = supabase.auth.onAuthStateChange(
3308
+ * (event, session) => {
3309
+ * if (event === 'SIGNED_OUT') {
3310
+ * setSession(null)
3311
+ * } else if (session) {
3312
+ * setSession(session)
3313
+ * }
3314
+ * })
3315
+ *
3316
+ * return () => {
3317
+ * subscription.unsubscribe()
3318
+ * }
3319
+ * }, [])
3320
+ *
3321
+ * return (
3322
+ * <SessionContext.Provider value={session}>
3323
+ * <App />
3324
+ * </SessionContext.Provider>
3325
+ * )
3326
+ * }
3327
+ * ```
3328
+ *
3329
+ * @example Listen to password recovery events
3330
+ * ```js
3331
+ * supabase.auth.onAuthStateChange((event, session) => {
3332
+ * if (event === 'PASSWORD_RECOVERY') {
3333
+ * console.log('PASSWORD_RECOVERY', session)
3334
+ * // show screen to update user's password
3335
+ * showPasswordResetScreen(true)
3336
+ * }
3337
+ * })
3338
+ * ```
3339
+ *
3340
+ * @example Listen to sign in
3341
+ * ```js
3342
+ * supabase.auth.onAuthStateChange((event, session) => {
3343
+ * if (event === 'SIGNED_IN') console.log('SIGNED_IN', session)
3344
+ * })
3345
+ * ```
3346
+ *
3347
+ * @example Listen to token refresh
3348
+ * ```js
3349
+ * supabase.auth.onAuthStateChange((event, session) => {
3350
+ * if (event === 'TOKEN_REFRESHED') console.log('TOKEN_REFRESHED', session)
3351
+ * })
3352
+ * ```
3353
+ *
3354
+ * @example Listen to user updates
3355
+ * ```js
3356
+ * supabase.auth.onAuthStateChange((event, session) => {
3357
+ * if (event === 'USER_UPDATED') console.log('USER_UPDATED', session)
3358
+ * })
3359
+ * ```
3360
+ */
1781
3361
  onAuthStateChange(callback) {
1782
3362
  const id = (0, helpers_1.generateCallbackId)();
1783
3363
  const subscription = {
@@ -1821,6 +3401,66 @@ class GoTrueClient {
1821
3401
  * @param email The email address of the user.
1822
3402
  * @param options.redirectTo The URL to send the user to after they click the password reset link.
1823
3403
  * @param options.captchaToken Verification token received when the user completes the captcha on the site.
3404
+ *
3405
+ * @category Auth
3406
+ *
3407
+ * @remarks
3408
+ * - The password reset flow consist of 2 broad steps: (i) Allow the user to login via the password reset link; (ii) Update the user's password.
3409
+ * - The `resetPasswordForEmail()` only sends a password reset link to the user's email.
3410
+ * To update the user's password, see [`updateUser()`](/docs/reference/javascript/auth-updateuser).
3411
+ * - A `PASSWORD_RECOVERY` event will be emitted when the password recovery link is clicked.
3412
+ * You can use [`onAuthStateChange()`](/docs/reference/javascript/auth-onauthstatechange) to listen and invoke a callback function on these events.
3413
+ * - When the user clicks the reset link in the email they are redirected back to your application.
3414
+ * You can configure the URL that the user is redirected to with the `redirectTo` parameter.
3415
+ * See [redirect URLs and wildcards](/docs/guides/auth/redirect-urls#use-wildcards-in-redirect-urls) to add additional redirect URLs to your project.
3416
+ * - After the user has been redirected successfully, prompt them for a new password and call `updateUser()`:
3417
+ * ```js
3418
+ * const { data, error } = await supabase.auth.updateUser({
3419
+ * password: new_password
3420
+ * })
3421
+ * ```
3422
+ *
3423
+ * @example Reset password
3424
+ * ```js
3425
+ * const { data, error } = await supabase.auth.resetPasswordForEmail(email, {
3426
+ * redirectTo: 'https://example.com/update-password',
3427
+ * })
3428
+ * ```
3429
+ *
3430
+ * @exampleResponse Reset password
3431
+ * ```json
3432
+ * {
3433
+ * data: {}
3434
+ * error: null
3435
+ * }
3436
+ * ```
3437
+ *
3438
+ * @example Reset password (React)
3439
+ * ```js
3440
+ * /**
3441
+ * * Step 1: Send the user an email to get a password reset token.
3442
+ * * This email contains a link which sends the user back to your application.
3443
+ * *\/
3444
+ * const { data, error } = await supabase.auth
3445
+ * .resetPasswordForEmail('user@email.com')
3446
+ *
3447
+ * /**
3448
+ * * Step 2: Once the user is redirected back to your application,
3449
+ * * ask the user to reset their password.
3450
+ * *\/
3451
+ * useEffect(() => {
3452
+ * supabase.auth.onAuthStateChange(async (event, session) => {
3453
+ * if (event == "PASSWORD_RECOVERY") {
3454
+ * const newPassword = prompt("What would you like your new password to be?");
3455
+ * const { data, error } = await supabase.auth
3456
+ * .updateUser({ password: newPassword })
3457
+ *
3458
+ * if (data) alert("Password updated successfully!")
3459
+ * if (error) alert("There was an error updating your password.")
3460
+ * }
3461
+ * })
3462
+ * }, [])
3463
+ * ```
1824
3464
  */
1825
3465
  async resetPasswordForEmail(email, options = {}) {
1826
3466
  let codeChallenge = null;
@@ -1852,6 +3492,43 @@ class GoTrueClient {
1852
3492
  }
1853
3493
  /**
1854
3494
  * Gets all the identities linked to a user.
3495
+ *
3496
+ * @category Auth
3497
+ *
3498
+ * @remarks
3499
+ * - The user needs to be signed in to call `getUserIdentities()`.
3500
+ *
3501
+ * @example Returns a list of identities linked to the user
3502
+ * ```js
3503
+ * const { data, error } = await supabase.auth.getUserIdentities()
3504
+ * ```
3505
+ *
3506
+ * @exampleResponse Returns a list of identities linked to the user
3507
+ * ```json
3508
+ * {
3509
+ * "data": {
3510
+ * "identities": [
3511
+ * {
3512
+ * "identity_id": "22222222-2222-2222-2222-222222222222",
3513
+ * "id": "2024-01-01T00:00:00Z",
3514
+ * "user_id": "2024-01-01T00:00:00Z",
3515
+ * "identity_data": {
3516
+ * "email": "example@email.com",
3517
+ * "email_verified": false,
3518
+ * "phone_verified": false,
3519
+ * "sub": "11111111-1111-1111-1111-111111111111"
3520
+ * },
3521
+ * "provider": "email",
3522
+ * "last_sign_in_at": "2024-01-01T00:00:00Z",
3523
+ * "created_at": "2024-01-01T00:00:00Z",
3524
+ * "updated_at": "2024-01-01T00:00:00Z",
3525
+ * "email": "example@email.com"
3526
+ * }
3527
+ * ]
3528
+ * },
3529
+ * "error": null
3530
+ * }
3531
+ * ```
1855
3532
  */
1856
3533
  async getUserIdentities() {
1857
3534
  var _a;
@@ -1868,6 +3545,33 @@ class GoTrueClient {
1868
3545
  throw error;
1869
3546
  }
1870
3547
  }
3548
+ /** *
3549
+ * @category Auth
3550
+ *
3551
+ * @remarks
3552
+ * - The **Enable Manual Linking** option must be enabled from your [project's authentication settings](/dashboard/project/_/auth/providers).
3553
+ * - The user needs to be signed in to call `linkIdentity()`.
3554
+ * - If the candidate identity is already linked to the existing user or another user, `linkIdentity()` will fail.
3555
+ * - If `linkIdentity` is run in the browser, the user is automatically redirected to the returned URL. On the server, you should handle the redirect.
3556
+ *
3557
+ * @example Link an identity to a user
3558
+ * ```js
3559
+ * const { data, error } = await supabase.auth.linkIdentity({
3560
+ * provider: 'github'
3561
+ * })
3562
+ * ```
3563
+ *
3564
+ * @exampleResponse Link an identity to a user
3565
+ * ```json
3566
+ * {
3567
+ * data: {
3568
+ * provider: 'github',
3569
+ * url: <PROVIDER_URL_TO_REDIRECT_TO>
3570
+ * },
3571
+ * error: null
3572
+ * }
3573
+ * ```
3574
+ */
1871
3575
  async linkIdentity(credentials) {
1872
3576
  if ('token' in credentials) {
1873
3577
  return this.linkIdentityIdToken(credentials);
@@ -1958,6 +3662,28 @@ class GoTrueClient {
1958
3662
  }
1959
3663
  /**
1960
3664
  * Unlinks an identity from a user by deleting it. The user will no longer be able to sign in with that identity once it's unlinked.
3665
+ *
3666
+ * @category Auth
3667
+ *
3668
+ * @remarks
3669
+ * - The **Enable Manual Linking** option must be enabled from your [project's authentication settings](/dashboard/project/_/auth/providers).
3670
+ * - The user needs to be signed in to call `unlinkIdentity()`.
3671
+ * - The user must have at least 2 identities in order to unlink an identity.
3672
+ * - The identity to be unlinked must belong to the user.
3673
+ *
3674
+ * @example Unlink an identity
3675
+ * ```js
3676
+ * // retrieve all identities linked to a user
3677
+ * const identities = await supabase.auth.getUserIdentities()
3678
+ *
3679
+ * // find the google identity
3680
+ * const googleIdentity = identities.find(
3681
+ * identity => identity.provider === 'google'
3682
+ * )
3683
+ *
3684
+ * // unlink the google identity
3685
+ * const { error } = await supabase.auth.unlinkIdentity(googleIdentity)
3686
+ * ```
1961
3687
  */
1962
3688
  async unlinkIdentity(identity) {
1963
3689
  try {
@@ -2356,6 +4082,28 @@ class GoTrueClient {
2356
4082
  * appropriately to conserve resources.
2357
4083
  *
2358
4084
  * {@see #stopAutoRefresh}
4085
+ *
4086
+ * @category Auth
4087
+ *
4088
+ * @remarks
4089
+ * - Only useful in non-browser environments such as React Native or Electron.
4090
+ * - The Supabase Auth library automatically starts and stops proactively refreshing the session when a tab is focused or not.
4091
+ * - On non-browser platforms, such as mobile or desktop apps built with web technologies, the library is not able to effectively determine whether the application is _focused_ or not.
4092
+ * - To give this hint to the application, you should be calling this method when the app is in focus and calling `supabase.auth.stopAutoRefresh()` when it's out of focus.
4093
+ *
4094
+ * @example Start and stop auto refresh in React Native
4095
+ * ```js
4096
+ * import { AppState } from 'react-native'
4097
+ *
4098
+ * // make sure you register this only once!
4099
+ * AppState.addEventListener('change', (state) => {
4100
+ * if (state === 'active') {
4101
+ * supabase.auth.startAutoRefresh()
4102
+ * } else {
4103
+ * supabase.auth.stopAutoRefresh()
4104
+ * }
4105
+ * })
4106
+ * ```
2359
4107
  */
2360
4108
  async startAutoRefresh() {
2361
4109
  this._removeVisibilityChangedCallback();
@@ -2368,6 +4116,28 @@ class GoTrueClient {
2368
4116
  * removed and you must manage visibility changes on your own.
2369
4117
  *
2370
4118
  * See {@link #startAutoRefresh} for more details.
4119
+ *
4120
+ * @category Auth
4121
+ *
4122
+ * @remarks
4123
+ * - Only useful in non-browser environments such as React Native or Electron.
4124
+ * - The Supabase Auth library automatically starts and stops proactively refreshing the session when a tab is focused or not.
4125
+ * - On non-browser platforms, such as mobile or desktop apps built with web technologies, the library is not able to effectively determine whether the application is _focused_ or not.
4126
+ * - When your application goes in the background or out of focus, call this method to stop the proactive refreshing of the session.
4127
+ *
4128
+ * @example Start and stop auto refresh in React Native
4129
+ * ```js
4130
+ * import { AppState } from 'react-native'
4131
+ *
4132
+ * // make sure you register this only once!
4133
+ * AppState.addEventListener('change', (state) => {
4134
+ * if (state === 'active') {
4135
+ * supabase.auth.startAutoRefresh()
4136
+ * } else {
4137
+ * supabase.auth.stopAutoRefresh()
4138
+ * }
4139
+ * })
4140
+ * ```
2371
4141
  */
2372
4142
  async stopAutoRefresh() {
2373
4143
  this._removeVisibilityChangedCallback();
@@ -2958,6 +4728,55 @@ class GoTrueClient {
2958
4728
  * can obtain from {@link #getSession}.
2959
4729
  * @param options Various additional options that allow you to customize the
2960
4730
  * behavior of this method.
4731
+ *
4732
+ * @category Auth
4733
+ *
4734
+ * @remarks
4735
+ * - Parses the user's [access token](/docs/guides/auth/sessions#access-token-jwt-claims) as a [JSON Web Token (JWT)](/docs/guides/auth/jwts) and returns its components if valid and not expired.
4736
+ * - If your project is using asymmetric JWT signing keys, then the verification is done locally usually without a network request using the [WebCrypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API).
4737
+ * - A network request is sent to your project's JWT signing key discovery endpoint `https://project-id.supabase.co/auth/v1/.well-known/jwks.json`, which is cached locally. If your environment is ephemeral, such as a Lambda function that is destroyed after every request, a network request will be sent for each new invocation. Supabase provides a network-edge cache providing fast responses for these situations.
4738
+ * - If the user's access token is about to expire when calling this function, the user's session will first be refreshed before validating the JWT.
4739
+ * - If your project is using a symmetric secret to sign the JWT, it always sends a request similar to `getUser()` to validate the JWT at the server before returning the decoded token. This is also used if the WebCrypto API is not available in the environment. Make sure you polyfill it in such situations.
4740
+ * - The returned claims can be customized per project using the [Custom Access Token Hook](/docs/guides/auth/auth-hooks/custom-access-token-hook).
4741
+ *
4742
+ * @example Get JWT claims, header and signature
4743
+ * ```js
4744
+ * const { data, error } = await supabase.auth.getClaims()
4745
+ * ```
4746
+ *
4747
+ * @exampleResponse Get JWT claims, header and signature
4748
+ * ```json
4749
+ * {
4750
+ * "data": {
4751
+ * "claims": {
4752
+ * "aal": "aal1",
4753
+ * "amr": [{
4754
+ * "method": "email",
4755
+ * "timestamp": 1715766000
4756
+ * }],
4757
+ * "app_metadata": {},
4758
+ * "aud": "authenticated",
4759
+ * "email": "example@email.com",
4760
+ * "exp": 1715769600,
4761
+ * "iat": 1715766000,
4762
+ * "is_anonymous": false,
4763
+ * "iss": "https://project-id.supabase.co/auth/v1",
4764
+ * "phone": "+13334445555",
4765
+ * "role": "authenticated",
4766
+ * "session_id": "11111111-1111-1111-1111-111111111111",
4767
+ * "sub": "11111111-1111-1111-1111-111111111111",
4768
+ * "user_metadata": {}
4769
+ * },
4770
+ * "header": {
4771
+ * "alg": "RS256",
4772
+ * "typ": "JWT",
4773
+ * "kid": "11111111-1111-1111-1111-111111111111"
4774
+ * },
4775
+ * "signature": [/** Uint8Array *\/],
4776
+ * },
4777
+ * "error": null
4778
+ * }
4779
+ * ```
2961
4780
  */
2962
4781
  async getClaims(jwt, options = {}) {
2963
4782
  try {