fix(auth): added OTP email template setup and updated verifyOTP() usage

[hasanravda]

Closes #41

📝 Description

This PR fixes the issue where users were not receiving OTP emails during signup/login verification.
The root cause was a missing or incorrectly configured Supabase email template (Magic Link default instead of OTP template).

It also resolves the recurring otp_expired error that occurred when verifying OTPs after receiving them.

🔧 Changes Made

• Updated supabase_service.dart:

  final response = await _client.auth.verifyOTP(
    token: token.trim(),
    type: OtpType.email, // ✅ Use email-based OTP verification
    email: email,
  );
  

• Added detailed setup instructions in README.md:
  • Steps for configuring Supabase → Authentication → Emails → Magic Link and Confirm Signup.
  • Included a new OTP email HTML template for verification emails.

✅ Checklist

• I have read the contributing guidelines.
• I have verified the OTP email flow works and all the edge cases after template update.
• I have added necessary documentation (if applicable).
• Any dependent backend configurations (Supabase email templates) have been updated.

Summary by CodeRabbit

• New Features

  • Authentication now uses OTP (One-Time Password) codes instead of magic links
  • Updated email authentication provider setup flow with new, clearer steps

• Documentation

  • Added comprehensive configuration guide for OTP-based email authentication, including a customizable OTP email template

• Improvements

  • Streamlined OTP verification flow with token normalization and simplified verification behavior

[coderabbitai]

Walkthrough

Updates authentication docs from magic-link to OTP email flow with a new OTP email template and UI configuration steps; changes Supabase service to trim tokens and always verify using email OTP type, and makes the type parameter nullable in verifyOTP.

Changes

Cohort / File(s)	Summary
Documentation Updates BACKEND.md	Replaces magic-link instructions with OTP-based authentication; adds "Configure Email Authentication Provider" steps, enables Email Signups/Confirmations/Secure Email Change, introduces "Configure OTP Email Template" with full HTML template for a 6-digit token, and reorders/renumbers subsequent setup steps.
Backend Service Updates lib/services/supabase_service.dart	Changes verifyOTP signature to accept String? type; removes conditional mapping of type to different OtpType values and instead uses OtpType.email for verification; trims the token before verification.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant App as Client App
    participant Service as Supabase Service
    participant Email as Email Provider

    User->>App: Request signup/login (email)
    App->>Service: Request send OTP
    Service->>Email: Send OTP using configured template
    Email->>User: Deliver email with 6-digit token
    User->>App: Submit email + token
    App->>Service: verifyOTP(email, token, type?)
    Note right of Service: token trimmed\nalways uses OtpType.email
    alt success
        Service->>App: success
        App->>User: authenticated
    else failure
        Service->>App: error
        App->>User: show error/retry
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–25 minutes

• Pay attention to callers of verifyOTP for nullability impact.
• Review behavioral change: unconditional OtpType.email may affect flows that previously used other OTP types.
• Verify the provided email template and UI navigation labels in BACKEND.md match current Supabase console.

Possibly related PRs

• fix(auth): correct OtpType mapping to prevent resend verification assertion error in resendVerificationEmail() #36 — Adjusts OtpType handling in lib/services/supabase_service.dart, related to OTP type mapping and resend behavior.

Suggested reviewers

• SharkyBytes

Poem

🐇 I hopped through docs and code today,

Tokens trimmed and emails on their way.
A six-digit wink, a template bright,
One OTP type now does it right.
Hooray — verification in moonlight. ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "fix(auth): added OTP email template setup and updated verifyOTP() usage" directly and accurately reflects the main changes in the changeset. The title captures both key components: the documentation updates for OTP email template configuration in BACKEND.md and the code fix to the verifyOTP() method in supabase_service.dart. The title is specific, clear, and concise, providing meaningful context about the authentication-related fixes without unnecessary verbosity or vague terminology.
Linked Issues Check	✅ Passed	The pull request directly addresses the core requirements of linked issue #41, which focuses on resolving the bug where users do not receive OTP emails due to missing or misconfigured Supabase email templates. The changes include documentation updates to BACKEND.md providing step-by-step configuration for the OTP email template with an HTML template example, and code modifications to supabase_service.dart that standardize OTP verification to use OtpType.email and trim tokens, ensuring consistent email-based OTP verification. These changes collectively address the expected behavior specified in issue #41 that users should receive OTP emails with verification codes during signup/login.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 751e0c7 and 2dfccb9.

📒 Files selected for processing (1)

• lib/services/supabase_service.dart (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• lib/services/supabase_service.dart

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e65f2ea and 751e0c7.

📒 Files selected for processing (2)

• BACKEND.md (1 hunks)
• lib/services/supabase_service.dart (2 hunks)

🔇 Additional comments (1)

BACKEND.md (1)

185-263: Excellent documentation for OTP configuration!

The authentication setup section provides clear, actionable instructions for configuring email-based OTP authentication. The HTML template is well-designed with appropriate styling, clear OTP display, and includes important security messaging. The step-by-step navigation paths make it easy for developers to configure their Supabase project correctly.

[SharkyBytes]

Good work @hasanravda ! Can you please add a POW here so that we can wrap this up

[hasanravda]

@SharkyBytes You mean screen recording ?

[hasanravda]

Ell-ena.signup.mp4

@SharkyBytes Check this

[SharkyBytes]

@hasanravda template and email config looks good, can you also check the reset password functionality in the app! is it working for you now?

[hasanravda]

@SharkyBytes Yeah I have tested all the cases even reset password, its working and I am getting otp!