JavaScript: Sign in a user through SSO (original) (raw)

• Introduction
• Installing
• Initializing
• TypeScript support
• Database
• Fetch data
• Insert data
• Update data
• Upsert data
• Delete data
• Call a Postgres function
• Using filters
• Column is equal to a value
• Column is not equal to a value
• Column is greater than a value
• Column is greater than or equal to a value
• Column is less than a value
• Column is less than or equal to a value
• Column matches a pattern
• Column matches a case-insensitive pattern
• Column is a value
• Column is in an array
• Column contains every element in a value
• Contained by value
• Greater than a range
• Greater than or equal to a range
• Less than a range
• Less than or equal to a range
• Mutually exclusive to a range
• With a common element
• Match a string
• Match an associated value
• Don't match the filter
• Match at least one filter
• Match the filter
• Using modifiers
• Return data after inserting
• Order the results
• Limit the number of rows returned
• Limit the query to a range
• Set an abort signal
• Retrieve one row of data
• Retrieve zero or one row of data
• Retrieve as a CSV
• Override type of successful response
• Partially override or replace type of successful response
• Using explain
• Auth
• Overview
• Create a new user
• Listen to auth events
• Create an anonymous user
• Sign in a user
• Sign in with ID token (native sign-in)
• Sign in a user through OTP
• Sign in a user through OAuth
• Sign in a user through SSO
• Sign in a user through Web3 (Solana, Ethereum)
• Get user claims from verified JWT
• Sign out a user
• Send a password reset request
• Verify and log in through OTP
• Retrieve a session
• Retrieve a new session
• Retrieve a user
• Update a user
• Retrieve identities linked to a user
• Link an identity to a user
• Unlink an identity from a user
• Send a password reauthentication nonce
• Resend an OTP
• Set the session data
• Exchange an auth code for a session
• Start auto-refresh session (non-browser)
• Stop auto-refresh session (non-browser)
• Initialize client session
• Auth MFA
• Enroll a factor
• Create a challenge
• Verify a challenge
• Create and verify a challenge
• Unenroll a factor
• Get Authenticator Assurance Level
• List all factors for current user
• OAuth Server
• Get authorization details
• Approve authorization
• Deny authorization
• List grants
• Revoke grant
• Auth Admin
• Retrieve a user
• List all users
• Create a user
• Delete a user
• Send an email invite link
• Generate an email link
• Update a user
• Sign out a user (admin)
• Delete a factor for a user
• List all factors for a user (admin)
• OAuth Admin
• List OAuth clients
• Get OAuth client
• Create OAuth client
• Update OAuth client
• Delete OAuth client
• Regenerate client secret
• Edge Functions
• Invokes a Supabase Edge Function.
• Realtime
• Subscribe to channel
• Unsubscribe from a channel
• Unsubscribe from all channels
• Retrieve all channels
• Broadcast a message
• Storage
• File Buckets
• Access a storage bucket
• List all buckets
• Retrieve a bucket
• Create a bucket
• Empty a bucket
• Update a bucket
• Delete a bucket
• Upload a file
• Replace an existing file
• Move an existing file
• Copy an existing file
• Create a signed URL
• Create signed URLs
• Create signed upload URL
• Upload to a signed URL
• Retrieve public URL
• Download a file
• Delete files in a bucket
• List all files in a bucket
• Check if file exists
• Get file metadata
• List files (v2)
• Convert file to base64
• Analytics Buckets
• Access an analytics bucket
• Create a new analytics bucket
• List analytics buckets
• Delete an analytics bucket
• Vector Buckets
• Access a vector bucket
• Create a vector bucket
• Delete a vector bucket
• Retrieve a vector bucket
• List all vector buckets
• Create a vector index
• Delete a vector index
• Retrieve a vector index
• List all vector indexes
• Access a vector index
• Delete vectors from index
• Retrieve vectors from index
• List vectors in index
• Add vectors to index
• Search vectors in index

Attempts a single-sign on using an enterprise Identity Provider. A successful SSO attempt will redirect the current page to the identity provider authorization page. The redirect URL is implementation and SSO protocol specific.

You can use it by providing a SSO domain. Typically you can extract this domain by asking users for their email address. If this domain is registered on the Auth instance the redirect will use that organization's currently active SSO Identity Provider for the login.

If you have built an organization-specific login page, you can use the organization's SSO Identity Provider UUID directly instead.

• Before you can call this method you need to establish a connection to an identity provider. Use the CLI commands to do this.
• If you've associated an email domain to the identity provider, you can use the domain property to start a sign-in flow.
• In case you need to use a different way to start the authentication flow with an identity provider, you can use the providerId property. For example:
  • Mapping specific user email addresses with an identity provider.
  • Using different hints to identity the identity provider to be used by the user, like a company-specific page, IP address or other tracking information.

Parameters

• params

(Required)

Examples

Sign in with email domain

  // You can extract the user's email domain and use it to trigger the
  // authentication flow with the correct identity provider.

  const { data, error } = await supabase.auth.signInWithSSO({
    domain: 'company.com'
  })

  if (data?.url) {
    // redirect the user to the identity provider's authentication flow
    window.location.href = data.url
  }

Sign in with provider UUID

  // Useful when you need to map a user's sign in request according
  // to different rules that can't use email domains.

  const { data, error } = await supabase.auth.signInWithSSO({
    providerId: '21648a9d-8d5a-4555-a9d1-d6375dc14e92'
  })

  if (data?.url) {
    // redirect the user to the identity provider's authentication flow
    window.location.href = data.url
  }