Why Use Magic Links?

Supabase Magic Link is a passwordless sign-in method where users receive a unique, time-sensitive link by email. Clicking it signs them in - no password needed.

Why it's useful

• Lower friction, higher conversion: No password creation or "forgot password" loops - fewer drop-offs.
• Stronger security vs passwords: Avoids weak/reused passwords and reduces credential stuffing risk.
• Less support overhead: Fewer password reset tickets and fewer locked-out users.
• Built-in account recovery: If they can access their email, they can regain access.

Key Supabase behaviors

• One-time use: Each link is valid for a single successful login attempt.
• Optional auto user creation: If enabled, signing in can create a new user automatically.
• Configurable limits: Links typically expire in about an hour, and requests are rate-limited to prevent abuse.
• Custom email templates: You can brand the email content in the Supabase Dashboard.

Best-fit use cases

• Marketing sites + lightweight apps: Landing page - "Get started" - instant login without password friction.
• Internal tools / admin dashboards: Fast access for trusted users without password management.
• Early-stage MVPs: Ship authentication quickly while keeping UX simple.
• B2B apps for busy professionals: Users don't want another password - email links are familiar and fast.

Important considerations

• Cross-device/browser caveat (PKCE): The link usually must be opened in the same browser/device where it was requested, or it may fail as an invalid link.
• Email delivery dependency: If emails are delayed or flagged as spam, users can't log in.
• If cross-device matters: Consider Email OTP (6-digit codes) for better cross-device compatibility while staying passwordless.