Stackpane Stackpane
Download

Supabase Users

Browse, create, edit, and manage Supabase GoTrue authentication users.

Overview

The Authentication section provides a complete user management interface for Supabase GoTrue. Browse all users in a sortable table, inspect individual user details, create new accounts, perform password resets, and revoke sessions — all without switching to the Supabase dashboard.

User Listing

Navigate to the Authentication section from the sidebar to see all users in a table with the following columns:

  • Email — the user’s email address
  • Phone — phone number if set
  • Provider — authentication provider (email, google, apple, github, etc.)
  • Status — confirmed or unconfirmed
  • Last Sign-In — when the user last authenticated
  • Created — account creation date

Users load with pagination (100 per page). Click Load More to fetch additional pages. Use column headers to sort by any field, and toggle column visibility with the column configuration button.

Searching Users

Use the search field above the table to find users by email address or phone number. Search queries are sent to the GoTrue admin API for server-side filtering.

User Inspector

Click any user row to open the inspector panel with complete user details:

  • User ID — the unique UUID identifier (selectable for copying)
  • Email and Email Confirmed status
  • Phone and Phone Confirmed status
  • Provider — the authentication provider used for sign-up
  • Role — the user’s GoTrue role
  • Created At and Last Sign-In At timestamps
  • Updated At — last profile modification time
  • User Metadata — JSON key-value pairs for user-facing profile data
  • App Metadata — JSON key-value pairs for application-controlled data (e.g., provider info, custom roles)

Editing User Properties

  1. Click Edit to enter edit mode.
  2. Modify email, phone, or user metadata fields.
  3. Edit user metadata using the JSON key-value editor.
  4. Click Save to commit changes.

Changes are sent to the GoTrue admin API and take effect immediately.

Creating Users

Create new Supabase Auth users:

  1. Click the + button and select Create User.
  2. Enter an email address.
  3. Enter a password (minimum 6 characters by default, configurable in Supabase).
  4. Optionally enter a phone number.
  5. Optionally provide initial user metadata as JSON.
  6. Choose whether to auto-confirm the user’s email (skips the confirmation email).
  7. Click Create User.

The new user appears in the table immediately.

Account Actions

From the user inspector, perform these account actions:

Password Reset

Click Send Password Reset to send a password reset email to the user’s email address. The user receives a link to set a new password through the configured Supabase email template.

Revoke Sessions (Global Sign Out)

Click Revoke All Sessions to sign the user out of all devices and sessions by invalidating their refresh tokens. This forces the user to re-authenticate on their next request.

Delete User

Click Delete User to permanently remove the user account. A confirmation dialog appears before the deletion proceeds. Deleting a user removes their GoTrue record but does not automatically clean up related data in your database tables.

Batch Operations

Bulk Delete

  1. Enable selection mode from the toolbar.
  2. Click checkboxes to select multiple users.
  3. Click Delete Selected in the bulk action bar.
  4. Confirm the batch deletion in the dialog.

User Import

Import users from a JSON file:

  1. Click the import button in the toolbar.
  2. Select a JSON file containing an array of user objects with email, password, and optional metadata fields.
  3. Review the import preview showing the users to be created.
  4. Click Import to create all users.

Import is useful for migrating users from another authentication provider or seeding a development environment.

Tips

  • Use the service role key in your connection for user management — the anon key does not have access to the GoTrue admin API
  • Auto-confirm users during development to skip email verification workflows
  • Review app metadata to understand which authentication provider each user signed up with
  • Revoking sessions is useful when you suspect a user’s credentials have been compromised
  • Batch operations execute sequentially to respect API rate limits