Sign in a user
Sign in an existing user with email/phone + password.
Authenticate an existing user with email/phone + password. On success the new session is persisted (if persist_session is enabled in ClientOptions) and a SIGNED_IN event is dispatched to any on_auth_state_change subscribers.
Signature
supabase.auth.sign_in_with_password(credentials)credentials is a hash — call with a literal ({ email: "...", password: "..." }) or Ruby's hash-literal shorthand (email: "...", password: "...").
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
email | String | Optional | User email. Provide either email or phone. |
phone | String | Optional | User phone number in E.164 format. Provide either email or phone. |
password | String | Required | The user password. |
options | Hash | Optional | Nested options: captcha_token (String, hCaptcha/Turnstile token), data (Hash, extra metadata sent to GoTrue). |
Returns
A Struct with :user (the authenticated user) and :session (access_token, refresh_token, expires_at, user). On invalid credentials, GoTrue raises a Supabase::Auth::Errors::AuthApiError instead of returning a payload.
Example — email + password
response = supabase.auth.sign_in_with_password(
email: "ada@example.com",
password: "Lovelace-1815!"
)
response.session.access_token # => "eyJhbGciOi..."
response.user.email # => "ada@example.com"Example — phone + password
response = supabase.auth.sign_in_with_password(
phone: "+15555550123",
password: "Lovelace-1815!"
)Example — with captcha
response = supabase.auth.sign_in_with_password(
email: "ada@example.com",
password: "Lovelace-1815!",
options: { captcha_token: turnstile_token }
)Missing email/phone or missing password raises Supabase::Auth::Errors::AuthInvalidCredentialsError. On success the new session is persisted via the configured storage backend.