Setup
apps/app/.env automatically.
Without credentials: The app runs in mock mode with simulated auth. Connect a real backend before production to test email confirmation, password reset, and OAuth flows.
Using Authentication
The useAuth() Hook
UseuseAuth() for all screens and components. It’s the ONLY auth hook you need - it works with both Supabase and Convex backends:
All auth methods work with both backends - no need for provider-specific hooks!
Unified User Object
TheAppUser interface normalizes user data across backends:
Common Tasks
Sign Up
Sign Up
- Supabase: Sends confirmation email, user clicks link to verify
- Convex: Creates user and logs them in immediately
- Mock mode: Accounts created instantly without verification
Sign In
Sign In
Invalid login credentials- wrong email/passwordEmail not confirmed- user needs to verify email first
Sign Out
Sign Out
Reset Password
Reset Password
Update Profile
Update Profile
- Supabase: Updates
user_metadatain Auth and syncs toprofilestable - Convex: Updates the
userstable via mutation
Magic Link / OTP
Magic Link / OTP
Magic link and OTP authentication works on both backends through Backend differences:
useAuth():- Supabase: Sends magic link or OTP depending on your Supabase project settings
- Convex: Sends OTP code via Resend (requires RESEND_API_KEY in Convex dashboard)
Supabase Setup Required
For magic links to work on web, configure redirect URLs in Supabase Dashboard → Authentication → URL Configuration → Redirect URLs:Convex Setup Required
Add these environment variables to your Convex deployment:Check Auth State
Check Auth State
Account Deletion
Apple requires apps to provide account deletion. The Profile screen includes a Delete Account button.- Supabase
- Convex
Manual Setup
- Supabase
- Convex
1. Create Supabase Project
- Go to supabase.com/dashboard
- Create a new project
- Wait for provisioning (~2 minutes)
2. Get Credentials
In Supabase Dashboard → Project Settings → API:- Copy Project URL (e.g.,
https://abc123.supabase.co) - Copy Publishable key (starts with
eyJ)
service_role key in your app - it bypasses RLS.3. Configure Environment
Add toapps/app/.env:4. Run Database Schema
In Supabase Dashboard → SQL Editor, run the contents ofsupabase/schema.sql. This creates the profiles, user_preferences, and push_tokens tables with RLS policies.See Backend Guide for schema customization.Security
- Supabase RLS
- Convex Functions
RLS policies are pre-configured in the schema. For more on RLS, see Supabase RLS Documentation.
auth.uid() returns the current user’s ID.Direct Client Access
- Supabase
- Convex
For advanced use cases, access the Supabase client directly:For full API reference, see Supabase JS Client Docs.
Mock Mode
Without backend credentials, a mock client simulates auth and database operations. Test accounts:Troubleshooting
Still in mock mode?- Verify
apps/app/.envexists with correct values - Check
EXPO_PUBLIC_BACKEND_PROVIDERis set correctly - Env vars must start with
EXPO_PUBLIC_ - Restart Metro:
yarn start --clear
- Supabase: Check RLS policies in Dashboard
- Convex: Check function auth guards
- Verify user is logged in
- Check spam folder
- Supabase: Verify email is enabled in Authentication → Settings
- Convex: Check your Auth.js email provider configuration
- Supabase: Add
http://localhost:19006to Project Settings → API → Allowed Origins - Convex: CORS is handled automatically
Next Steps
Social Login
Add Google, Apple, and other OAuth providers
Database & Backend
Store user data, files, and build backend features
User Preferences
Save app settings per user with Zustand
Push Notifications
Send notifications to authenticated users

