惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
T
Threat Research - Cisco Blogs
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
Project Zero
Project Zero
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 叶小钗
Security Latest
Security Latest
Spread Privacy
Spread Privacy
aimingoo的专栏
aimingoo的专栏
N
News and Events Feed by Topic
Webroot Blog
Webroot Blog
U
Unit 42
Cyberwarzone
Cyberwarzone
小众软件
小众软件
Scott Helme
Scott Helme
Engineering at Meta
Engineering at Meta
Microsoft Security Blog
Microsoft Security Blog
T
The Blog of Author Tim Ferriss
A
About on SuperTechFans
爱范儿
爱范儿
S
Schneier on Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Schneier on Security
Schneier on Security
Latest news
Latest news
GbyAI
GbyAI
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
The Register - Security
The Register - Security
WordPress大学
WordPress大学
博客园_首页
Blog — PlanetScale
Blog — PlanetScale
PCI Perspectives
PCI Perspectives
Jina AI
Jina AI
AI
AI
NISL@THU
NISL@THU
I
Intezer
G
GRAHAM CLULEY
B
Blog
S
Secure Thoughts
IT之家
IT之家
宝玉的分享
宝玉的分享
Recent Announcements
Recent Announcements
Y
Y Combinator Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
酷 壳 – CoolShell
酷 壳 – CoolShell
有赞技术团队
有赞技术团队
V2EX - 技术
V2EX - 技术
Recorded Future
Recorded Future
Hacker News - Newest:
Hacker News - Newest: "LLM"

Supabase Blog

AI Agents Know About Supabase. They Don't Always Use It Right. Custom OIDC Providers for Supabase Auth 100,000 GitHub stars Supabase docs over SSH Navigating Regional Network Blocks Supabase Joins the Stripe Projects Developer Preview Log Drains: Now available on Pro Supabase Storage: major performance, security, and reliability updates Supabase incident on February 12, 2026 Hydra joins Supabase X / Twitter OAuth 2.0 is now available for Supabase Auth BKND joins Supabase Supabase is now an official Claude connector Supabase PrivateLink is now available Introducing: Postgres Best Practices When to use Read Replicas vs. bigger compute Introducing TRAE SOLO integration with Supabase Supabase Security Retro: 2025 Sync Stripe Data to Your Supabase Database in One Click Building ChatGPT Apps with Supabase Edge Functions and mcp-use Own Your Observability: Supabase Metrics API Introducing iceberg-js: A JavaScript Client for Apache Iceberg Introducing Supabase for Platforms Adding Async Streaming to Postgres Foreign Data Wrappers Build "Sign in with Your App" using Supabase Auth The new Supabase power for Kiro Introducing Supabase ETL Introducing Analytics Buckets Introducing Vector Buckets Snap, Inc. Launches Snap Cloud, Powered by Supabase Triplit joins Supabase Supabase Series E 1000 Y Combinator Founders Choose Supabase gm 👋 web3, welcome aboard to Sign in with Web3 (Solana, Ethereum) Announcing the Supabase Remote MCP Server Enterprise speed, enterprise standards with Bolt Cloud + Supabase PostgREST 13 Lovable Cloud + Supabase: The Default Platform for AI Builders Processing large jobs with Edge Functions, Cron, and Queues Defense in Depth for MCP Servers OrioleDB Patent: now freely available to the Postgres community Supabase Launch Week 15 Hackathon Winner Announcement The Vibe Coder's Guide to Supabase Environments Testing for Vibe Coders: From Zero to Production Confidence The Vibe Coding Master Checklist Vibe Coding: Best Practices for Prompting Supabase Auth: Build vs. Buy Top 10 Launches of Launch Week 15 Supabase Launch Week 15 Hackathon Storage: 10x Larger Uploads, 3x Cheaper Cached Egress, and 2x Egress Quota Persistent Storage and 97% Faster Cold Starts for Edge Functions Algolia Connector for Supabase New Observability Features in Supabase Improved Security Controls and A New Home for Security Introducing Branching 2.0 Stripe-To-Postgres Sync Engine as standalone Library Supabase Analytics Buckets with Iceberg Support Create a Supabase backend using Figma Make Introducing JWT Signing Keys Supabase UI: Platform Kit Build a Personalized AI Assistant with Postgres Announcing Multigres: Vitess for Postgres Building on open table formats Open Data Standards: Postgres, OTel, and Iceberg Simplifying back-end complexity with Supabase Data APIs PostgreSQL Event Triggers without superuser access Top 10 Launches of Launch Week 14 Supabase MCP Server Data API Routes to Nearest Read Replica Declarative Schemas for Simpler Database Management Realtime: Broadcast from Database Keeping Tabs on What's New in Supabase Studio Edge Functions: Deploy from the Dashboard + Deno 2.1 Automatic Embeddings in Postgres Introducing the Supabase UI Library Supabase Auth: Bring Your Own Clerk Postgres Language Server: Initial Release Migrating from Fauna to Supabase Migrating from the MongoDB Data API to Supabase Dedicated Poolers Postgres as a Graph Database: (Ab)using pgRouting AI Hackathon at Y Combinator Calendars in Postgres using Foreign Data Wrappers Supabase Launch Week 13 Hackathon Winners How to Hack the Base! Running Durable Workflows in Postgres using DBOS database.build v2: Bring-your-own-LLM Restore to a New Project Hack the Base! with Supabase Top 10 Launches of Launch Week 13 Supabase Queues High Performance Disk Supabase Cron Supabase CLI v2: Config as Code Supabase Edge Functions: Introducing Background Tasks, Ephemeral Storage, and WebSockets Supabase AI Assistant v2 OrioleDB Public Alpha Executing Dynamic JavaScript Code on Supabase with Edge Functions ClickHouse Partnership, improved Postgres Replication, and Disk Management Live Share: Connect to in-browser PGlite with any Postgres client
Introducing Seven New Email Templates for Supabase Auth
Fady Abdelmalik, Danny White · 2025-12-03 · via Supabase Blog

Introducing Seven New Email Templates for Supabase Auth

Today we're releasing 7 new email notification templates for Supabase Auth. These security-related emails can be used to notify users when sensitive actions happen on their account to help surface any suspicious activity.

For example, a user may receive an email that their password was changed, or that their email address was updated to suspicious@example.com.

To start, we're introducing the following security notification email templates:

  • Password changed - Notify users when their password has changed
  • Email address changed - Notify users when their email address has changed
  • Phone number changed - Notify users when their phone number has changed
  • Identity linked - Notify users when a new identity (e.g.: GitHub) has been linked to their account
  • Identity unlinked - Notify users when an identity (e.g.: GitHub) has been unlinked from their account
  • Multi-factor authentication (MFA) method added - Notify users when a new multi-factor authentication method has been added to their account
  • Multi-factor authentication (MFA) method removed - Notify users when a multi-factor authentication method has been removed from their account

Each notification includes relevant context depending on the event. For example, the old email when an address changes, the provider name when an identity is linked or unlinked, or the specific MFA method that was modified. This helps users quickly identify whether the action was legitimate.

Dashboard#

As part of this release, we've also taken some time to give the Emails section in the Dashboard a refresh and a dedicated section in the sidebar. Each security notification can be enabled or disabled individually, and the content can be customized to match your brand and tone.

You can edit and preview the email templates directly from the Dashboard and use template variables to customize the content.

CLI#

You can also manage the new security notification templates through the Supabase CLI by updating your supabase/config.toml file:


_10

[auth.email.notification.password_changed]

_10

enabled = true

_10

subject = "Your password has been changed"

_10

content_path = "./templates/password_changed_notification.html"

_10

_10

[auth.email.notification.mfa_factor_enrolled]

_10

enabled = true

_10

subject = "A new MFA method has been added to your account"

_10

content_path = "./templates/mfa_factor_enrolled_notification.html"


where content_path is a relative path to the HTML file for the email template. The notification types can be any of the following:

  • password_changed
  • email_changed
  • phone_changed
  • identity_linked
  • identity_unlinked
  • mfa_factor_enrolled
  • mfa_factor_unenrolled

For more details, see the Local Dev / CLI Configuration Reference.

Management API#

For programmatic management of the new security notification templates, you can use the Supabase Management API to fetch and update the email templates. For example, to enable the MFA factor enrolled notification and customize its content, you can make a PATCH request to the Auth service configuration endpoint:


_13

# Get your access token from <https://supabase.com/dashboard/account/tokens>

_13

export SUPABASE_ACCESS_TOKEN="your-access-token"

_13

export PROJECT_REF="your-project-ref"

_13

_13

# Update email templates

_13

curl -X PATCH "<https://api.supabase.com/v1/projects/$PROJECT_REF/config/auth>" \

_13

-H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \

_13

-H "Content-Type: application/json" \

_13

-d '{

_13

"mailer_notifications_mfa_factor_enrolled_enabled": true,

_13

"mailer_subjects_mfa_factor_enrolled_notification": "A new MFA factor has been enrolled",

_13

"mailer_templates_mfa_factor_enrolled_notification_content": "<h2>A new MFA factor has been enrolled</h2><p>A new factor ({{ .FactorType }}) has been enrolled for your account {{ .Email }}.</p>"

_13

}'


Once enabled, users will receive an email notifying them when their MFA factors have modified on their account.

You can find the complete list of available fields in the Management API reference.

Security notifications are also supported through the Auth email send hook, with new email_action_type values for each notification:

  • password_changed_notification
  • email_changed_notification
  • phone_changed_notification
  • identity_linked_notification / identity_unlinked_notification
  • mfa_factor_enrolled_notification / mfa_factor_unenrolled_notification

The hook payload includes contextual data like old_email, provider, and factor_type, enabling custom email providers and internationalization for security notifications.

For example, you can configure the Auth email send hook to send a password changed notification using Resend's brand new email templates feature via a Supabase Edge Function:


_67

import { Webhook } from '<https://esm.sh/standardwebhooks@1.0.0>'

_67

import { Resend } from 'npm:resend@6.4'

_67

_67

const resend = new Resend(Deno.env.get('RESEND_API_KEY'))

_67

const hookSecret = Deno.env.get('SEND_EMAIL_HOOK_SECRET')

_67

_67

Deno.serve(async (req) => {

_67

if (req.method !== 'POST') {

_67

return new Response('method not allowed', {

_67

status: 405,

_67

})

_67

}

_67

_67

const payload = await req.text()

_67

const headers = Object.fromEntries(req.headers)

_67

const wh = new Webhook(hookSecret)

_67

_67

try {

_67

const {

_67

user,

_67

email_data: { email_action_type },

_67

} = wh.verify(payload, headers)

_67

_67

// Handle the different notification types

_67

if (email_action_type === 'password_changed_notification') {

_67

const { error } = await resend.emails.send({

_67

to: user.email,

_67

template: {

_67

id: 'password_changed_notification',

_67

variables: {

_67

CURRENT_EMAIL: user.email,

_67

},

_67

},

_67

})

_67

_67

if (error) {

_67

console.error('failed to send email:', error)

_67

return Response.json(

_67

{

_67

error: {

_67

http_code: error.code,

_67

message: error.message,

_67

},

_67

},

_67

{

_67

status: 500,

_67

}

_67

)

_67

}

_67

}

_67

} catch (error) {

_67

console.error('failed to verify webhook:', error)

_67

return Response.json(

_67

{

_67

error: {

_67

http_code: error.code,

_67

message: error.message,

_67

},

_67

},

_67

{

_67

status: 401,

_67

}

_67

)

_67

}

_67

_67

return Response.json({})

_67

})


Check out the guide for a complete example on how to send Custom Auth Emails with Resend.

We're planning on adding more security-related email notifications in the future, such as notifying a user when a new device has been used to log into their account or when suspicious activity is detected.

We'd love to hear your feedback on which notifications would be most useful for your application and how we can improve the existing templates.

Here are some resources to help you get started:

Have questions or feedback? Join our Discord community or open a GitHub issue.