About svelte-supabase-auth

Svelte Supabase Auth is a Svelte-built web component that aims to provide all necessary functionality for Supabase authentication and user management with minimal configuration. It is available as a Svelte component or a web component implementing a custom element named <supabase-auth>. For usage instructions, please see the pages on GitHub or NPM.

The following workflows and configurations are handled by the component. Those that have automated behavioral tests are checked.

Authentication with email

defaults_email.feature

  • Signup/login with email and passphrase
  • Signup/login with email and magic link
  • Signup/login with email and verification code
  • Config: Email confirmation not required
  • Config: Email signup disabled
  • Config: Email provider disabled
  • Config: Auth completely disabled (misconfiguration)
  • Config: No providers enabled (misconfiguration)

Authentication with social providers

This functionality is fully supported, but it does not yet have automated behavioral tests.

  • Signup/login with social provider
  • Adding a social provider to an existing account
  • Adding an email/password login to an existing social account
  • Deleting an account created with a social provider

Manual linking

This functionality is not fully supported, but it should work in the context of linking social providers to an existing, signed-in account (see above).

Anonymous logins

This functionality is untested and may not work correctly.

Alternate server configurations

  • Sign-ups disabled
  • Required password length
  • Required password composition (DEPRECATED, as it reduces password strength in real-life usage)
  • OTP length
  • OTP expiry
  • No double confirmation on email changes
  • Secure password change
  • Max frequency for outbound auth emails
  • MFA required
  • TOTP enroll_enabled
  • TOTP verify_enabled

Multi-factor authentication

defaults_mfa.feature

  • Creating a new factor
  • Deleting a factor
  • Listing factors
  • Signup/login with MFA
  • Multiple factors
  • Choosing a factor at login
  • Config: MFA required
  • Config: TOTP enroll disabled
  • Config: TOTP verify disabled

Account deletion

deletion.feature

  • Deleting an account with a verification code
  • Entering the wrong verification code

Creating a passphrase

passphrases.feature

  • Checking potential passphrases for uniqueness and context-specific words
  • Checking potential passphrases for breached passwords
  • Ensuring proper length of potential passphrases
  • Ensuring proper character support
  • Config: Minimum length
  • Config: Ignore length recommendations
  • Config: Required characters warning

Changing a passphrase

passphrases.feature

  • Resetting a forgotten passphrase
  • Changing or setting a passphrase for an existing account
  • Config: Secure password changes not required

Changing an email address (not yet supported)

  • Changing email address
  • Config: Double confirm changes disabled

Web components

The module is available as a web component using the custom element <supabase-auth>. The javascript for that element can either be imported or used as a script tag.

  • ESM web component import
  • UMD web component script
  • inject a Supabase client instance
  • configure with html attributes