Skip to content

fix(docker): separate auth provider enabled from signup settings #363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sagarsrc wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(docker): separate auth provider enabled from signup settings #363

sagarsrc wants to merge 1 commit into from

Conversation

@sagarsrc
Copy link

@sagarsrc sagarsrc commented Jan 8, 2026

Correction

Updated to Documentation-Only

After reviewer feedback, this is now a documentation improvement rather than code change.

What Changed

Updated [auth.email].enable_signup and [auth.sms].enable_signup comments across all config.toml files to clarify:

  • These control the entire provider (GOTRUE_EXTERNAL_*_ENABLED), not just signup
  • false = provider disabled (no login/invites/OTP/signup)
  • true = provider enabled (signup requires [auth].enable_signup=true)
  • Added configuration examples for invite-only, open signups, and disabled providers

Issue: supabase#40582
Companion PR: supabase/cli#4469 (CLI fix for the same issue)

Original PR

Fixes supabase#40582

Problem

Email and phone auth providers are incorrectly disabled when ENABLE_EMAIL_SIGNUP=false or ENABLE_PHONE_SIGNUP=false, breaking invite-only authentication.

Current behavior:

  • ENABLE_EMAIL_SIGNUPGOTRUE_EXTERNAL_EMAIL_ENABLED (controls if provider exists)
  • Setting to false disables the entire provider, preventing invites, OTP, and password auth

Impact:

  • Invite-only setups fail with email_provider_disabled error
  • Users cannot accept email invites
  • OTP/magic links don't work

Solution

Introduce separate variables for provider existence vs signup control:

  • ENABLE_EMAIL_PROVIDERGOTRUE_EXTERNAL_EMAIL_ENABLED (defaults to true)
  • ENABLE_PHONE_PROVIDERGOTRUE_EXTERNAL_PHONE_ENABLED (defaults to true)
  • Use DISABLE_SIGNUP for global signup control

Changes

  • 2 lines in docker-compose.yml: Change env var mapping with backward-compatible defaults
  • 2 lines in .env.example: Add new provider variables

Backward Compatibility

✅ Defaults to true - existing setups without new variables continue to work
✅ No breaking changes

Testing

Verified locally that invite-only setup now works correctly:

.env configuration:

DISABLE_SIGNUP=true
ENABLE_EMAIL_PROVIDER=true
ENABLE_EMAIL_SIGNUP=false

Result: Users can accept invites and use OTP/magic links while self-signup remains disabled ✅

Companion PR: supabase/cli#4469 (CLI fix for the same issue)

Summary by CodeRabbit

  • Documentation

    • Enhanced authentication configuration documentation across multiple projects with detailed explanations of email and SMS provider enablement options and common configurations.

  • New Features

    • Added support for double confirmation when changes are made to user email or phone numbers in select authentication configurations.

✏️ Tip: You can customize this high-level summary in your review settings.

Test data recreated from supabase#40575
Target state: open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: enable_signup=false disables entire email/phone provider instead of just signups

2 participants

@sagarsrc