How to set expiry time for reset password link - Supabase

Question

Have some doubts in Supabase reset-password

1. How can we make the email link a One-time click to reset the password? If the user uses that link again it should not reset the password.
2. How can we make the expiry time on the reset password link to 5 minutes?

Answer 1

1. You can send user password reset link on his email (example on Flutter):

   final response = await supabase.auth.api.resetPasswordForEmail('[email protected]');

When a user changes their password this link doesn't work anymore. If the user tries it again it will catch an error - “Email link is invalid or was expired”.

2. You can set up this parameter in your Supabase account. Project -> Authentication -> Settings -> Email -> Mailer OTP Expiration

I have example on Flutter web how to handle password recovery and so on: https://github.com/igdmitrov/aqniyet_web

You can check it as well.