Supabase Auth flow

A separate Demo Lab explanation of Magic Link, Google OAuth, safe next redirects, the callback route and Supabase session cookies.

Auth flow

Magic Link

The user enters an email, Supabase sends a passwordless login link, and EventMap receives the user back through /auth/callback.

Google OAuth

EventMap starts signInWithOAuth, Google returns the user to Supabase, and Supabase redirects back to EventMap.

Callback route

The /auth/callback route exchanges the auth code for a Supabase session and then redirects to a safe internal next path.

Sign out

Sign out clears the Supabase session cookies and sends the user back to the login page.

EventMap callback

Safe internal redirect

EventMap accepts only internal next paths. External URLs are rejected by getSafeAuthNext before the user is redirected after sign in.

Callback path

/auth/callback?next=%2Fen%2Ffavorites

Next path

/en/favorites
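
The checks a function such as getSafeAuthNext has to make before the post-sign-in redirect, as an added example that is not EventMap's own code. The names sanitizeNextPath and nextFromCallbackUrl, the "/" fallback and the placeholder origin are assumptions, and the sample inputs are constructed.

```javascript
// Added example: hypothetical validator for the `next` parameter.
// Not EventMap's getSafeAuthNext; names and fallback are assumptions.
const FALLBACK_PATH = "/"; // assumed default when `next` is rejected
const PLACEHOLDER_ORIGIN = "http://internal.invalid"; // used only for parsing

function sanitizeNextPath(rawNext) {
  if (typeof rawNext !== "string" || rawNext.length === 0) return FALLBACK_PATH;

  // Accept root-relative paths only. "//host" is a protocol-relative URL,
  // and absolute URLs such as "https://host/" do not start with "/".
  if (!rawNext.startsWith("/") || rawNext.startsWith("//")) return FALLBACK_PATH;

  // Browsers treat "\" like "/" and strip tab/newline characters while
  // parsing, so "/\host" or "/<TAB>/host" can still leave the site.
  if (/[\\\u0000-\u001f\u007f]/.test(rawNext)) return FALLBACK_PATH;

  // Final check: resolve against a placeholder origin and confirm that the
  // result has not moved to a different origin.
  let parsed;
  try {
    parsed = new URL(rawNext, PLACEHOLDER_ORIGIN);
  } catch {
    return FALLBACK_PATH;
  }
  if (parsed.origin !== PLACEHOLDER_ORIGIN) return FALLBACK_PATH;

  // Return only path, query and fragment, never a scheme or host.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Reads `next` from a callback URL like the one shown above.
function nextFromCallbackUrl(callbackUrl) {
  const url = new URL(callbackUrl, PLACEHOLDER_ORIGIN);
  return sanitizeNextPath(url.searchParams.get("next"));
}

// Constructed sample inputs.
const samples = [
  "/auth/callback?next=%2Fen%2Ffavorites",
  "/auth/callback?next=https%3A%2F%2Fevil.example%2F",
  "/auth/callback?next=%2F%2Fevil.example%2Fpath",
  "/auth/callback",
];
for (const s of samples) console.log(s, "->", nextFromCallbackUrl(s));
```

The value is validated after URL decoding, which is what searchParams.get returns, so encoded forms of an external URL are rejected the same way as plain ones.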

Setup

Supabase URL Configuration

Site URL is http://localhost:3000 and Redirect URLs include http://localhost:3000/auth/callback.

Google Console callback

Google Console uses the Supabase callback URL: https://<project-ref>.supabase.co/auth/v1/callback.

EventMap callback

EventMap owns /auth/callback. This route is excluded from next-intl middleware and does not include locale in the path.