Redirect URLs

Set up redirect urls with Supabase Auth.

Overview#

When using passwordless sign-ins or third-party providers, the Supabase client library methods provide a redirectTo parameter to specify where to redirect the user to after authentication. By default, the user will be redirected to the SITE_URL but you can modify the SITE_URL or add additional redirect URLs to the allow list. Once you've added necessary URLs to the allow list, you can specify the URL you want the user to be redirected to in the redirectTo parameter.

Use wildcards in redirect URLs#

Supabase allows you to specify wildcards when adding redirect URLs to the allow list. You can use wildcard match patterns to support preview URLs from providers like Netlify and Vercel.

Wildcard	Description
`*`	matches any sequence of non-separator characters
`**`	matches any sequence of characters
`?`	matches any single non-separator character
`c`	matches character c (c != ``, `*`, `?`, `\`, `[`, `{`, `}`)
`\c`	matches character c
`[!{ character-range }]`	matches any sequence of characters not in the `{ character-range }`. For example, `[!a-z]` will not match any characters ranging from a-z.

The separator characters in a URL are defined as . and /. Use this tool to test your patterns.

Recommendation

While the "globstar" (**) is useful for local development and preview URLs, we recommend setting the exact redirect URL path for your site URL in production.

Redirect URL examples with wildcards#

Redirect URL	Description
`http://localhost:3000/*`	matches `http://localhost:3000/foo`, `http://localhost:3000/bar` but not `http://localhost:3000/foo/bar` or `http://localhost:3000/foo/` (note the trailing slash)
`http://localhost:3000/**`	matches `http://localhost:3000/foo`, `http://localhost:3000/bar` and `http://localhost:3000/foo/bar`
`http://localhost:3000/?`	matches `http://localhost:3000/a` but not `http://localhost:3000/foo`
`http://localhost:3000/[!a-z]`	matches `http://localhost:3000/1` but not `http://localhost:3000/a`

Netlify preview URLs#

For deployments with Netlify, set the SITE_URL to your official site URL. Add the following additional redirect URLs for local development and deployment previews:

http://localhost:3000/**
https://**--my_org.netlify.app/**

Vercel preview URLs#

For deployments with Vercel, set the SITE_URL to your official site URL. Add the following additional redirect URLs for local development and deployment previews:

http://localhost:3000/**
https://*-username.vercel.app/**

Vercel provides an environment variable for the URL of the deployment called NEXT_PUBLIC_VERCEL_URL. See the Vercel docs for more details. You can use this variable to dynamically redirect depending on the environment. You should also set the value of the environment variable called NEXT_PUBLIC_SITE_URL, this should be set to your site URL in production environment to ensure that redirects function correctly.

const getURL = () => {
  let url =
    process?.env?.NEXT_PUBLIC_SITE_URL ?? // Set this to your site URL in production env.
    process?.env?.NEXT_PUBLIC_VERCEL_URL ?? // Automatically set by Vercel.
    'http://localhost:3000/'
  // Make sure to include `https://` when not localhost.
  url = url.includes('http') ? url : `https://${url}`
  // Make sure to include a trailing `/`.
  url = url.charAt(url.length - 1) === '/' ? url : `${url}/`
  return url
}
const { data, error } = await supabase.auth.signInWithOAuth({
  provider: 'github',
  options: {
    redirectTo: getURL(),
  },
})

Mobile deep linking URIs#

For mobile applications you can use deep linking URIs. For example, for your SITE_URL you can specify something like com.supabase://login-callback/ and for additional redirect URLs something like com.supabase.staging://login-callback/ if needed.

Edit this page on GitHub