About the Starter
Passwordless authentication made simple with Supabase Magic Links. No passwords to manage, no security risks, just seamless access.
Features & Benefits
Zero Password Friction
Users sign in with just their email. No passwords to remember, reset, or compromise.
Enterprise-Grade Security
Magic links are time-limited, single-use tokens. Built on Supabase Auth with proven security standards.
Instant Implementation
Drop-in authentication with minimal code. Focus on building features, not auth infrastructure.
Better User Experience
Reduce signup friction by 80%. No password requirements, no forgotten credentials, no reset flows.
How It Works
Enter your email, receive a secure link, click to authenticate. Supabase handles token generation, validation, and session management automatically.
Session duration
After signing in, your session stays active as long as you are using the app. Each page load refreshes your session automatically via server-side middleware. If you remain inactive, your access token expires after 1 hour — at which point you will need to request a new magic link. Signing out ends the session immediately.
Technical Foundation
Built on Next.js with server-side session refresh, RLS-first database security, and production-ready patterns.
Under the hood
- Framework
- Next.js (App Router) + React + TypeScript
- Auth
- Supabase Auth (magic link)
- Security
- Postgres RLS policies + server-side enforcement
- Language
- EN/ES via cookie + translation keys
From the builder
I built this as a concise proof-of-concept: real auth, real SSR, real RLS — without extra UI complexity.
— Robert Cushman, Product Engineer