Reputation: 21
I am trying to implement email OTP using Supabase via a Flask backend (and working with a Swift frontend). So far I have been able to implement a "send-otp" route that generates an OTP and sends it to my email, but I'm struggling with writing the follow-up "verify_otp" function.
In the Supabase docs for Python, below is all they say about the function. However, I need to figure out how to implement it specifically for email with OTP. I know it should have something to do with the "signup" option, but I don't know anything beyond that on how I can set up the function and I need more clarification. I've looked everywhere (Stack Overflow, Reddit, Supabase docs) for more on the verify_otp function, but this is all I could find.
*Verify and log in through OTP*

*The verify_otp method takes in different verification types. If a phone number is used, the type can either be sms or phone_change. If an email address is used, the type can be one of the following: signup, magiclink, recovery, invite or email_change. The verification type used should be determined based on the corresponding auth method called before verify_otp to sign up / sign-in a user.*

```python
res = supabase.auth.verify_otp(phone, token)
```
My best guess on how it should be structured:

```python
from flask import jsonify, request

# stylist_bp (Blueprint) and supabase (client) are defined elsewhere in the app
@stylist_bp.route('/verify-otp', methods=['POST'])
def verify_otp():
    data = request.get_json()
    email = data.get('email')
    otp = data.get('otp')
    try:
        # Verify the OTP
        verify_response = supabase.auth.verify_otp({
            'email': email,
            'token': otp,
            'type': 'email'
        })
        session = verify_response.data.session
        return jsonify({'session': session}), 200
    except AttributeError as e:
        return jsonify({'error': str(e)}), 500
```
What I've tried so far: As described earlier, I have been reading the supabase documentation and I have tried going through forums, but I cannot find further instructions on how to properly format the verify_otp function for my needs.
Upvotes: 2
Views: 201
Reputation: 305
Docs are a bit light on detail but I got this working for a simple helper script I needed to sign in with email+otp from the command line to get an access_token for testing.
Your verify_otp params look correct but you can remove `data` from `verify_response.data.session` (see example below).
Also note that the `type` should match the type used to sign in.
For reference:
Example:
```python
from supabase import create_client, Client

# Initialize the Supabase client
project_ref = input("Enter project ref: ")
SUPABASE_URL = 'https://' + project_ref + '.supabase.co'
SUPABASE_KEY = input("Enter project anon key: ")
supabase: Client = create_client(SUPABASE_URL, SUPABASE_KEY)

# Capture email
email = input("Enter your email: ")

# Send OTP to the email
signin_response = supabase.auth.sign_in_with_otp({"email": email})
print("OTP sent to email. Please check your inbox.")

# Capture OTP
otp = input("Enter the OTP received via email: ")

# Verify the OTP to sign in
verify_response = supabase.auth.verify_otp({
    "email": email,
    "token": otp,
    "type": "email"  # This needs to match the sign in type
})

# Handle response
# Response looks like user=User(id:...) session=Session(access_token:...)
user = verify_response.user
session = verify_response.session
if verify_response.session:
    print("Sign in successful")
    access_token = session.access_token
    print(access_token)
else:
    print("Failed to log in. Check the OTP and try again.")

# Sign out or refresh timer will cause script to hang - does not affect access_token
supabase.auth.sign_out()
```
I hope it helps 👍
Upvotes: 0
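A hardened variant of the verify step discussed in this thread, as an added example (not code from either poster or from Supabase): it validates input, reads `session` directly from the response, returns only the token fields, and answers every failure with a generic message instead of `str(e)`. `handle_verify_otp`, `FakeAuth`, the 6-digit code format and the sample values are assumptions; in a Flask route you would pass `supabase.auth` and `request.get_json(silent=True)`.

```python
import re
from types import SimpleNamespace

OTP_RE = re.compile(r"\d{6}")  # assumption: 6-digit numeric email codes
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
GENERIC_FAILURE = {"error": "invalid or expired code"}


def handle_verify_otp(auth, payload):
    """Return (json_body, http_status) for a /verify-otp request.

    `auth` is any object exposing verify_otp(params), e.g. supabase.auth.
    """
    if not isinstance(payload, dict):
        return {"error": "invalid request"}, 400
    email, otp = payload.get("email"), payload.get("otp")
    if not (isinstance(email, str) and EMAIL_RE.fullmatch(email.strip())):
        return {"error": "invalid request"}, 400
    if not (isinstance(otp, str) and OTP_RE.fullmatch(otp.strip())):
        return {"error": "invalid request"}, 400
    try:
        res = auth.verify_otp(
            {"email": email.strip(), "token": otp.strip(), "type": "email"}
        )
    except Exception:
        # Wrong or expired code, or an upstream failure. Narrow this to the
        # client's auth error class in real code; never echo str(e) back.
        return GENERIC_FAILURE, 401
    session = getattr(res, "session", None)  # res.session, not res.data.session
    if session is None:
        return GENERIC_FAILURE, 401
    # Return explicit token fields rather than the whole session object.
    return {"access_token": session.access_token,
            "refresh_token": session.refresh_token}, 200


class FakeAuth:
    """Constructed stand-in for supabase.auth that accepts one code only."""

    def __init__(self, email, code):
        self._email, self._code = email, code

    def verify_otp(self, params):
        if (params["email"], params["token"]) != (self._email, self._code):
            raise RuntimeError("Token has expired or is invalid")
        session = SimpleNamespace(access_token="constructed-access",
                                  refresh_token="constructed-refresh")
        return SimpleNamespace(user=SimpleNamespace(email=self._email),
                               session=session)
```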