Authentication

Authentication Flows

Learn how authentication works in Supersaas

Learn how we have implemented different authentication flows in Supersaas.

Email/Password Registration

Classic email/password registration in Supersaas.


Registration Flow

Email/Password Login

Email/password login in Supersaas.


Login Flow

Magic Link Login

The user is emailed a login link together with a 6-digit one-time code; either the link or the code completes the login.


Magic Link Flow

Phone Number Login

Similar to the magic link flow, but the user is identified by a phone number instead of an email address and the code is delivered by SMS.

This provider is built on Twilio and requires a Twilio account.

OAuth

Supersaas ships example implementations for the Google, GitHub and Discord OAuth providers, but nuxt-auth-utils supports over 35 providers. The same examples serve as the pattern for implementing any of the others.

OAuth Flow

Forgot Password


Forgot Password Flow

User verification

Supersaas implements an email verification system with several paths by which a user's address can become verified. Here's how it works:

User Verification Flow
  1. Email Verification (Standard Registration)
  • When a user registers with email/password, they receive a verification email containing a unique verification code
  • The verification code expires after 30 minutes
  • Users must click the verification link in their email to verify their account
  • The verification link contains a 32-character alphanumeric code
  2. OAuth Authentication
  • Users who sign up using OAuth providers (Google, GitHub, Discord) are automatically verified
  • No additional verification step is required, because the OAuth provider has already verified the user's identity
  • The user's email is marked as verified immediately upon successful OAuth authentication
  • Caveat: this is only sound when the provider actually asserts that the address is verified (for example Google's `email_verified` claim, or the `verified` flag GitHub and Discord return with the user's email). An address a provider reports as unverified should go through the email verification path instead
  3. Magic Link Authentication
  • When a user uses the magic link method, they receive a verification email containing a unique verification code
  • The verification code expires after 30 minutes
  • Users must click the verification link in their email to verify their account
  4. Team Invitation-Based Registration
  • Users who receive team invitations but don't have an account yet can register through the invitation flow
  • When they accept the invitation during registration:
    • Their email is automatically verified
    • They are added to the team
    • The invitation is marked as accepted
  • This creates a seamless onboarding experience for invited users

Security

  • Verification codes are single-use and expire after 30 minutes
  • Each verification attempt is recorded
  • Used and expired verification codes are automatically cleaned up from the database; the cleanup runs when a code is verified
  • Users cannot log in until their email is verified
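The rules above (32-character alphanumeric link code, 6-digit one-time code for the magic link flow, 30-minute expiry, single use, cleanup on verification) fit in a small piece of server-side logic. The following is an added example written for this page, not Supersaas's own code: it assumes an in-memory `Map` in place of the database table, stores only SHA-256 hashes of the codes so a database leak does not expose usable links, and adds a cap on wrong 6-digit guesses (`MAX_OTP_ATTEMPTS`) that the docs do not mention. The user identifiers and times are constructed for the example.

```typescript
import { createHash, randomInt, timingSafeEqual } from "node:crypto";

// Values stated in the docs: 32-character alphanumeric link code, 30-minute expiry.
export const TOKEN_LENGTH = 32;
export const TTL_MS = 30 * 60 * 1000;
// Assumption (not from the docs): wrong 6-digit guesses allowed before the challenge locks.
// A 6-digit code has only 10^6 values, so a 30-minute window without a cap is brute-forceable.
export const MAX_OTP_ATTEMPTS = 5;

const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Hypothetical in-memory stand-in for the verification table: one pending challenge per user.
interface Challenge {
  tokenHash: string;   // sha256 of the link code; the plaintext exists only in the email
  otpHash: string;     // sha256 of the 6-digit code
  expiresAt: number;   // epoch milliseconds
  attempts: number;    // wrong OTP guesses recorded so far
}

const pending = new Map<string, Challenge>();   // userId -> challenge
const verified = new Set<string>();             // userIds whose email is verified

export type VerifyResult = "ok" | "invalid" | "expired" | "locked";

function sha256(s: string): string {
  return createHash("sha256").update(s).digest("hex");
}

// Constant-time comparison of two hex digests.
function equalHash(a: string, b: string): boolean {
  const ba = Buffer.from(a, "hex");
  const bb = Buffer.from(b, "hex");
  return ba.length === bb.length && timingSafeEqual(ba, bb);
}

// Each character is drawn with crypto.randomInt, so the 62-symbol alphabet introduces no modulo bias.
export function generateToken(length = TOKEN_LENGTH): string {
  let out = "";
  for (let i = 0; i < length; i++) out += ALPHABET[randomInt(ALPHABET.length)];
  return out;
}

export function generateOtp(): string {
  return randomInt(0, 1_000_000).toString().padStart(6, "0");
}

// Issue (or replace) the challenge for a user and return the secrets that go into the email.
export function issueVerification(userId: string, now = Date.now()): { token: string; otp: string } {
  const token = generateToken();
  const otp = generateOtp();
  pending.set(userId, { tokenHash: sha256(token), otpHash: sha256(otp), expiresAt: now + TTL_MS, attempts: 0 });
  return { token, otp };
}

// Sweep expired challenges; per the docs this runs when a code is verified.
export function cleanupExpired(now = Date.now()): number {
  let removed = 0;
  for (const [userId, c] of pending) {
    if (now > c.expiresAt) { pending.delete(userId); removed++; }
  }
  return removed;
}

function succeed(userId: string, now: number): VerifyResult {
  pending.delete(userId);   // single use: the challenge is gone once it has been accepted
  verified.add(userId);
  cleanupExpired(now);
  return "ok";
}

// Path 1: the user clicks the link, which carries only the 32-character code.
export function verifyByLink(token: string, now = Date.now()): VerifyResult {
  const h = sha256(token);
  for (const [userId, c] of pending) {
    if (!equalHash(c.tokenHash, h)) continue;
    if (now > c.expiresAt) return "expired";
    return succeed(userId, now);
  }
  return "invalid";
}

// Path 2: the user types the 6-digit code on a page that already knows which account is logging in.
export function verifyByOtp(userId: string, otp: string, now = Date.now()): VerifyResult {
  const c = pending.get(userId);
  if (!c) return "invalid";
  if (now > c.expiresAt) return "expired";
  if (c.attempts >= MAX_OTP_ATTEMPTS) return "locked";
  if (!equalHash(c.otpHash, sha256(otp))) { c.attempts++; return "invalid"; }
  return succeed(userId, now);
}

export function isVerified(userId: string): boolean { return verified.has(userId); }
export function pendingCount(): number { return pending.size; }
```

Two design points worth keeping when porting this to a real table: look the link code up by its hash rather than storing the plaintext, and keep the failed-attempt counter on the challenge itself so that re-requesting a code does not reset it for free.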