Where does Supabase handle the OAuth callback?

Supabase handles the initial OAuth callback at /auth/v1/callback on your project URL. Your app then receives the session via a redirect to your redirectTo URL.

Why do I get 'Redirect URL not allowed'?

The URL your app is redirecting to is not in Supabase's Redirect URLs list. Add it in Dashboard → Authentication → URL Configuration.

Do I need to set up CORS for Supabase Auth?

Supabase Auth handles CORS for its own endpoints. You may need CORS config for Supabase Edge Functions — that is separate from Auth.

OAuth

Fix OAuth Errors in Supabase Auth

Updated April 2026

 Reading this article? Verify your fix in real-time. Debug your Supabase Auth error → OAuthFixer

Supabase Auth handles OAuth provider configuration in the dashboard. Errors usually come from missing redirect URLs in your Supabase project settings or incorrect provider app credentials.

Step 1 — Enable the provider in Supabase dashboard

# Supabase Dashboard → Authentication → Providers
# Enable your provider (Google, GitHub, Discord, etc.)
# Enter Client ID and Client Secret from the provider's developer console

Step 2 — Add Site URL and Redirect URLs

# Dashboard → Authentication → URL Configuration

Site URL: https://yourapp.com

Redirect URLs (add ALL your environments): https://yourapp.com/auth/callback https://yourapp.com/** http://localhost:3000/auth/callback http://localhost:3000/**

Step 3 — Add Supabase callback URL to your provider

Supabase has its own callback URL that you must register with the OAuth provider:

# Your Supabase callback URL format:
https://YOUR-PROJECT-REF.supabase.co/auth/v1/callback

# Register this URL in:
# Google: Authorized redirect URIs
# GitHub: Authorization callback URL
# Discord: Redirects

Common error — AuthSessionMissingError

// Fix: ensure you handle the auth callback in your app
// Next.js App Router
// app/auth/callback/route.ts
import { createRouteHandlerClient } from "@supabase/auth-helpers-nextjs";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";

export async function GET(request: Request) { const { searchParams } = new URL(request.url); const code = searchParams.get("code"); if (code) { const supabase = createRouteHandlerClient({ cookies }); await supabase.auth.exchangeCodeForSession(code); } return NextResponse.redirect(new URL("/dashboard", request.url));
}

Common error — redirect URL not allowed

# Error: "Redirect URL not allowed"
# Fix: Add the URL to Redirect URLs in Supabase dashboard
# Dashboard → Authentication → URL Configuration → Redirect URLs

# Add wildcard for development:
http://localhost:3000/**

# Add specific path for production:
https://yourapp.com/auth/callback

Supabase OAuth in your frontend

import { createClient } from "@supabase/supabase-js";

const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY);

// Trigger OAuth flow
const { error } = await supabase.auth.signInWithOAuth({ provider: "google", options: { redirectTo: "https://yourapp.com/auth/callback", },
});

Debug your Supabase Auth error → OAuthFixer