Skip to main content
Let your visitors sign up and log in to your site with email/password or social providers like Google and GitHub. There are three ways to get this wired up.
This guide is about authentication for your app’s visitors — the users who sign in to the site you built. Your own Hiveku account login is separate and managed for you.

Easiest

Ask the AI assistant

Visual

Use the Auth panel

For developers

Edit Supabase config
All three paths live in the same place: 
Project > Database > Auth tab
The Auth tab is organized into six sub-tabs: Roles, RLS, OAuth, SMTP, Policies, and Templates.

Option 1: Ask the AI Assistant (Easiest)

1

Open the AI chat

Click the AI tab in your project’s left panel.
2

Describe what you want

Be specific about providers and fallback behavior:
Add Google sign-in to my site with email/password as a fallback.
Redirect users to /dashboard after login.
3

Provide your OAuth credentials when prompted

The AI will ask for the client ID and secret from your Google OAuth app. If you don’t have one yet, follow Create a Google OAuth App first.
4

Review and deploy

The AI wires up your sign-in/sign-up pages, auth hooks, and Supabase policies. Click Deploy to push live.

Option 2: Auth Panel (Visual)

Open Database > Auth and work through the sub-tabs.

OAuth Providers

1

Pick a provider

On the OAuth tab, toggle on any of: Google, GitHub, Apple, Discord, Facebook, Spotify, Slack, LinkedIn.
2

Create an OAuth app in the provider's console

Each provider needs you to register an app to get a client ID and secret. For Google, see Create a Google OAuth App.When the provider asks for the redirect URL, paste this exact format:
https://{your-supabase}.supabase.co/auth/v1/callback
Your Supabase reference is shown at the top of the Auth panel.
3

Paste credentials into Hiveku

Back in the Auth panel, paste the Client ID and Client Secret into the fields next to the provider toggle. Click Save.
4

Hiveku syncs to Supabase

Hiveku applies the config to Supabase Auth via the Management API. No manual dashboard work needed.

Email/Password

Email sign-up requires transactional email to work. Configure SMTP first (on the SMTP tab) — Hiveku supports SendGrid, Postmark, Resend, AWS SES, and generic SMTP. Once SMTP is configured, email/password sign-up, password reset, and email verification all work automatically.

Roles, RLS, and Policies

  • Roles — define app roles (e.g., admin, editor, viewer) used by your frontend
  • RLS — row-level security toggles per table
  • Policies — pre-built templates you can apply with one click:
    • Public read
    • Authenticated read
    • Owner access (users only see their own rows)
    • Admin-only
    • Service-role-only
Start with Owner access for most user-generated tables. It’s the safest default — users can only read/write their own rows.

Templates

Customize the look and copy of auth emails: verification, password reset, magic link, email change. Variables like {{ .ConfirmationURL }} are inserted at send time.

Option 3: Edit Supabase Config Directly

For advanced setups (custom hooks, SAML, MFA beyond the built-ins), click Open Supabase Studio from the Auth tab header. You land in the linked Supabase project’s Auth settings with full control.
Changes you make directly in Supabase Studio won’t always reflect back in the Hiveku Auth panel. Prefer editing through Hiveku when possible so the UI stays in sync.

Verifying Auth Works

1

Visit your live site

Open https://{project}.hiveku.com in an incognito window.
2

Sign up as a test user

Use a throwaway email (or a Gmail alias: you+test@gmail.com). Complete the flow.
3

Check the Users panel

Back in Hiveku, go to Database > Auth > Users. Your test user should appear.
4

Test OAuth if enabled

Sign out, then click your Google/GitHub/etc. button. You should be redirected to the provider, approve, then land back on your site signed in.

Troubleshooting

The redirect URL in your provider’s OAuth console must match exactly — including https://, the correct Supabase subdomain, and /auth/v1/callback. Copy the URL shown at the top of the Hiveku Auth panel and paste it into the provider console exactly.
Row-level security is likely enabled without a policy. Either add a policy (the Owner access template is a good default) or use the service role key in backend code. See the Policies sub-tab.
SMTP isn’t configured or is misconfigured. Go to Database > Auth > SMTP and set up a provider. Without SMTP, Supabase uses a low-volume default that won’t scale and may silently drop messages.
Your Google OAuth app is in testing mode. Either add test users in the Google Cloud Console (OAuth consent screen > Test users), or submit the app for verification. Internal apps inside a Google Workspace don’t need verification.
Check whether email confirmation is required (Auth settings). If yes, the user needs to click the verification link before logging in. You can also disable confirmation requirement while testing.

What’s Next?

Create Database Tables

Build the schema your authenticated users will read and write

Create a Google OAuth App

Step-by-step walkthrough for Google sign-in