Authentication Flows
Learn how we have implemented different authentication flows in Supersaas.
Email/Password Registration
Classic email/password registration in Supersaas.
Email/Password Login
Email/password login in Supersaas.
Magic Link
A link is sent to the user to log in, together with a one-time code of 6 digits.
Phone Number Login
Similar to Magic Link, but with a phone number instead of an email; an SMS is sent to the user.
This provider is based on Twilio and requires you to have a Twilio account.
OAuth
Supersaas includes examples of Google, GitHub and Discord OAuth providers, but nuxt-auth-utils supports over 35 providers. You can use the same examples as a template to implement others.
Forgot Password
User Verification
Supersaas implements a robust email verification system with multiple paths for user verification. Here's how it works:
- Email Verification (Standard Registration)
  - When a user registers with email/password, they receive a verification email containing a unique verification code
  - The verification code expires after 30 minutes
  - Users must click the verification link in their email to verify their account
  - The verification link contains a 32-character alphanumeric code
- OAuth Authentication
  - Users who sign up using OAuth providers (Google, GitHub, Discord) are automatically verified
  - No additional verification step is required, as the OAuth provider has already verified the user's identity
  - The user's email is marked as verified immediately upon successful OAuth authentication
- Magic Link Authentication
  - When a user uses the magic link method, they receive a verification email containing a unique verification code
  - The verification code expires after 30 minutes
  - Users must click the verification link in their email to verify their account
- Team Invitation-Based Registration
  - Users who receive team invitations but don't have an account yet can register through the invitation flow
  - When they accept the invitation during registration:
    - Their email is automatically verified
    - They are added to the team
    - The invitation is marked as accepted
  - This creates a seamless onboarding experience for invited users
Security
- Verification codes are single-use and expire after 30 minutes
- Each verification attempt is tracked and stored securely
- Expired verification codes are automatically cleaned up from the database when a code is verified
- Users cannot log in until their email is verified
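The following is an added example, not Supersaas code, that models the verification-code rules described in the User Verification and Security sections: a 32-character alphanumeric code, a 30-minute expiry, single use, and cleanup of expired codes. It assumes an in-memory store keyed by email and stores only a SHA-256 hash of the code (an assumption about what "stored securely" means; the starter's own schema may differ).

```typescript
import { randomInt, createHash, timingSafeEqual } from "node:crypto";
import { Buffer } from "node:buffer";

// Rules taken from the page: 32 alphanumeric characters, valid for 30 minutes.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
const CODE_LENGTH = 32;
const CODE_TTL_MS = 30 * 60 * 1000;

interface PendingVerification {
  codeHash: string;  // assumption: only a hash of the code is persisted
  expiresAt: number; // epoch milliseconds
}

// Assumption: one pending code per email, kept in memory for the example.
const pending = new Map<string, PendingVerification>();

function hashCode(code: string): string {
  return createHash("sha256").update(code).digest("hex");
}

// Uses a CSPRNG (randomInt) so codes are unguessable, not Math.random().
function generateCode(): string {
  let out = "";
  for (let i = 0; i < CODE_LENGTH; i++) out += ALPHABET[randomInt(ALPHABET.length)];
  return out;
}

// Issues a code for the emailed link; only its hash and expiry are stored.
function issueVerification(email: string, now: number = Date.now()): string {
  const code = generateCode();
  pending.set(email, { codeHash: hashCode(code), expiresAt: now + CODE_TTL_MS });
  return code;
}

type VerifyResult = "verified" | "invalid" | "expired";

// Rejects unknown or expired codes, compares in constant time, and deletes the
// record on success so the code is single-use. Expired records are removed too.
function verifyCode(email: string, code: string, now: number = Date.now()): VerifyResult {
  const entry = pending.get(email);
  if (!entry) return "invalid";
  if (now > entry.expiresAt) {
    pending.delete(email); // cleanup of an expired code
    return "expired";
  }
  const given = Buffer.from(hashCode(code));
  const stored = Buffer.from(entry.codeHash);
  if (given.length !== stored.length || !timingSafeEqual(given, stored)) return "invalid";
  pending.delete(email); // single use: a verified code cannot be replayed
  return "verified";
}
```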