Sign in a user through SSO
Sign in via SAML SSO using a domain or provider ID.
Start a SAML SSO flow. Identify the IdP either by domain: (GoTrue looks up the matching SSO provider for that email domain) or by provider_id: (the UUID returned by the admin SSO API).
By default the call returns a URL — your application then redirects the user to it to complete the SAML handshake. If you want GoTrue to issue an HTTP 303 redirect on the wire instead, pass options: { skip_http_redirect: false }.
Signature
supabase.auth.sign_in_with_sso(credentials)credentials is a hash. You must supply exactly one of domain: or provider_id:.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | String | Optional | Email domain to look up the SSO provider for (e.g. "acme-corp.com"). Provide either domain or provider_id. |
provider_id | String | Optional | UUID of an already-registered SSO provider. Provide either domain or provider_id. |
options | Hash | Optional | Nested options: redirect_to (String, absolute URL to send the user to after sign-in), captcha_token (String), skip_http_redirect (Boolean, default true — when true GoTrue returns the SSO URL in the response body instead of an HTTP redirect). |
Returns
A Struct with a single :url field — the URL to redirect the user to in order to complete the SAML handshake.
Raises Supabase::Auth::Errors::AuthInvalidCredentialsError if neither domain: nor provider_id: is provided.
Example — by domain
response = supabase.auth.sign_in_with_sso(
domain: "acme-corp.com",
options: { redirect_to: "https://app.example.com/auth/callback" }
)
response.url # => "https://<project>.supabase.co/auth/v1/sso/redirect?..."Example — by provider ID
response = supabase.auth.sign_in_with_sso(
provider_id: "d0a8b3a4-9e7f-4c2b-8b1c-3e7f6c2b1a9e",
options: { redirect_to: "https://app.example.com/auth/callback" }
)Example — let GoTrue issue the redirect
response = supabase.auth.sign_in_with_sso(
domain: "acme-corp.com",
options: { skip_http_redirect: false }
)