LovableSupabaseBeginner8 min read

How to Set Up Supabase Auth in Lovable

Add email/password and social login to your Lovable app using Supabase Auth. No backend code needed — just the right prompts.

Before you start

  • A Lovable account with an existing app
  • A Supabase project connected to your Lovable app

Step by step

1

Enable Supabase in Lovable

If you haven't already, click the Supabase icon in Lovable's sidebar and connect your project.

Paste this into Lovable:

Connect my app to Supabase for authentication.
2

Create the auth pages

Tell Lovable to generate a sign-up page, login page, and the auth logic that connects to Supabase.

Paste this into Lovable:

Create a complete authentication system with:
1. A /login page with email and password fields
2. A /signup page with email, password, and confirm password
3. A /forgot-password page
4. Use Supabase Auth for all auth operations
5. Redirect to /dashboard after successful login
6. Show error messages for invalid credentials
7. Add a 'Sign in with Google' button
3

Enable Google OAuth in Supabase

Go to Supabase → Authentication → Providers → Google. Enable it and paste your Google OAuth client ID and secret from the Google Cloud Console.

# In Supabase Dashboard:
# Authentication → Providers → Google → Enable
# Add your Google Client ID and Secret
4

Protect routes with auth guards

Make sure logged-out users can't access protected pages like the dashboard.

Paste this into Lovable:

Add an auth guard that:
1. Checks if the user is logged in on every protected page
2. Redirects to /login if not authenticated
3. Shows a loading spinner while checking auth state
4. Wrap /dashboard and all sub-pages with this guard
5

Add a user menu to the navbar

Show the user's email and a sign-out button in the navigation bar when logged in.

Paste this into Lovable:

Add a user dropdown menu to the top-right of the navbar that shows:
1. The user's email address
2. A link to /settings
3. A 'Sign out' button that calls Supabase signOut and redirects to /login
4. Only show this when the user is logged in

Common errors

Auth redirect loop

The login page redirects to itself because the auth guard runs on the login page too.

Fix: Exclude /login, /signup, and /forgot-password from the auth guard.

Google sign-in popup closes immediately

Your redirect URL isn't configured in Supabase or Google Cloud Console.

Fix: Add your Lovable app URL to Supabase → Authentication → URL Configuration → Redirect URLs.

User not persisted after refresh

The auth state isn't being restored from the session.

Fix: Make sure Supabase's onAuthStateChange listener runs on app initialization.

Related guides

lovableStripe

How to Add Stripe Payments to Your Lovable App

lovableSupabase

How to Add File Storage to Your Lovable App with Supabase

generalSupabase

How to Set Up Supabase Row Level Security (RLS)

Weekly Newsletter

Get next week's fix before you need it.

Join developers getting weekly vibe coding tips, error fixes, and tool updates.

Subscribe on Substack →