Skip to main content
Dreamlit securely connects to your Supabase project using OAuth2. No need to manage any API keys, setup edge functions, or write any code. It’s just one-click to setup:
Configuring Supabase with Dreamlit

Supabase Auth emails

The default Supabase Auth configuration is not production-ready. This means if you’re using Supabase Auth for user authentication, you’ll need to set up a proper email sender for all your auth emails—otherwise your users will not receive these critical emails from your app.
You need custom auth emails if you’re using any of the following authentication methods:
  • Email and password accounts
  • Passwordless login (magic links or OTP sent via email)
  • Email-based user invitations (from dashboard or admin APIs)
  • Social login with email confirmation
Or if your app includes any of these features:
  • User sign-up with email verification
  • “Forgot password” functionality
  • Account email changes that require confirmation
  • Admin-invited users who receive invitation links
  • Passwordless login where users click a link in their email
Supabase default auth setup is intended for:
  • Exploring and getting started with Supabase Auth
  • Testing templates with team members
  • Toy projects, demos, or non-critical applications
But not for production apps, real users, or any mission-critical application.As such, the Supabase’s built-in auth emails have severe limitations:1. Only sends to team members
  • Blocks real users: Emails only go to addresses in your project’s team (managed in organization settings)
  • Error for everyone else: Non-team addresses fail with “Email address not authorized”
  • Example: If your team has 3 members, only those 3 email addresses can receive auth emails
2. Extreme rate limits
  • Currently limited to 4 emails per hour (can change without notice)
  • This means only 4 password resets, sign-ups, or magic links per hour for your entire app
  • Rate limits are subject to change at Supabase’s discretion
3. Poor deliverability4. No reliability guarantees
  • No SLA for delivery or uptime
  • Provided as “best-effort” only
  • Explicitly stated as not for production use
Supabase provides two options for configuring email sending for Supabase Auth:

Configure SMTP

Setup: Add SMTP credentials in Supabase dashboardPros: Easier to get going compared with Auth HooksCons: Still uses Supabase’s basic templates, and must be customized in the Supabase dashboard (with no AI). Limited to their template variables. Must manage SMTP credentials.

Setup Auth Hooks

Setup: Write and deploy webhook endpointsPros: Full control over emailsCons: Requires backend development. Must handle email sending logic. Need to manage infrastructure. Complex error handling and retriesThis is the approach that Dreamlit takes - but handles all the complexity for you behind the scenes. Simply authorize your Supabase project with Dreamlit, and click “Setup Supabase Auth”.

Setting up Supabase Auth with Dreamlit

It’s just one more click to ensure your users are receiving auth emails. Dreamlit handles all the complexity for you behind the scenes.
Configuring Supabase Auth with Dreamlit

Configuring the 6 Supabase Auth email types with Dreamlit, in one-click.

If you select “Skip” you can always configure it later in the Settings -> Database Connections page (in the connection’s settings slideover).
You don’t need to use all six email types to benefit from this setup. Dreamlit will automatically handle whichever auth email events your app actually triggers—whether that’s one, two, or all six. The rest simply remain inactive until used.
How Dreamlit configures Supabase Auth for you When you opt-in for Dreamlit to configure Supabase Auth for you, Dreamlit will:
  • Setup a Supabase Auth Hook for your Supabase project. The hook invokes a tiny custom Dreamlit managed function that simply logs the email event to the dreamlit.event_log table, allowing Dreamlit to start monitoring this event and trigger the appropriate workflow.
  • Automatically create and publish 6 workflows for you in Dreamlit, one for each of the auth email types in Supabase Auth (password reset, magic link, reauthentication, email change, confirm email, and invite link) that respond to the email events triggered by the auth hook.
  • Generate beautiful default templates branded with your app name and sender.
Of course, you can customize these templates anytime using Dreamlit’s workflow builder or by simply asking the Workflow AI to make changes. Want a different tone? New design? Additional content or personalization? Just describe what you want, and the AI will update everything accordingly.
If you have already configured Supabase Auth emails, Dreamlit will not overwrite your existing configuration.If you’d like to use Dreamlit for your auth emails, you will need to first remove your existing Supabase Auth email configuration before you can configure it with Dreamlit.

How to trigger auth emails

When you configure auth emails through Dreamlit’s setup process, we automatically install a Supabase Auth Hook in your project. This hook intercepts auth events and routes them to Dreamlit for custom email delivery. Supabase Auth emails work differently than regular workflows in Dreamlit. They’re triggered by Supabase API calls from your app, which Supabase relays to Dreamlit. This means auth emails ONLY trigger when your app calls Supabase auth APIs. Your app code must invoke the appropriate method for each email type:
Email TypeSupabase API MethodWhen to Use
Password Resetsupabase.auth.resetPasswordForEmail()User clicks “Forgot Password”
Magic Linksupabase.auth.signInWithOtp()For passwordless login (magic link or OTP)
Reauthenticationsupabase.auth.reauthenticate()Before password change (if Secure Password Change enabled)
Email Changesupabase.auth.updateUser({email})Changing user email (if Secure Email Change enabled)
Confirm Emailsupabase.auth.signUp()New user registration (if Confirm Email enabled)
Invite Linksupabase.auth.admin.inviteUserByEmail()Admin inviting new users
To reemphasize: Supabase specific auth emails are not triggered by persisting events to your database. Auth emails only work through Supabase API calls.

Making schema changes safely

As your application evolves, you’ll need to update your database schema. To ensure your Dreamlit workflows continue running smoothly during schema migrations, we recommend one of the following approaches:
If you don’t mind brief downtime for your workflows, this is the quickest approach.
  1. Unpublish any workflows referencing the old column/table.
  2. Apply your schema update.
  3. Adjust your Dreamlit workflow steps to reference the new schema.
  4. Publish your workflow again.
You can follow the “expand, migrate, and contract pattern” to make your schema changes.
  1. Add new columns or tables.
  2. Write to both old and new columns from your application.
  3. Backfill data into the new columns or tables.
  4. Update your Dreamlit workflow to reference the new columns/tables, and possibly update your application to reference the new columns/tables.
  5. Remove (or rename) the old columns/tables once no longer needed.
This approach avoids downtime for dependent workflows.

Technical deep dive: how Dreamlit configures your database

Dreamlit is designed to be robust and performant, resilient to a wide range of failure scenarios. The very first time you set up a database connection, Dreamlit creates a dreamlit schema and an event_log table inside it. Then, whenever you publish a workflow containing a Database Trigger step, Dreamlit creates:
  1. A table trigger on the specified table, which activates whenever a relevant insert or update occurs.
  2. A trigger function in the dreamlit schema that runs when the trigger fires, which simply logs a row to the dreamlit.event_log table indicating that a new event has occurred.
From there, Dreamlit efficiently monitors the dreamlit.event_log table, and whenever it sees a new row matching an active trigger, it launches the associated workflow.
In addition to the event_log table, Dreamlit may create other small housekeeping tables in the dreamlit schema. It never writes to your existing tables (beyond installing triggers).
A schema is a grouping of tables, functions, and other database objects. It’s a way for you organize your tables, often for security reasons. See here for more.Dreamlit manages its objects in a dedicated schema so that it provides a clean separation between your application and the Dreamlit-managed objects. Dreamlit’s approach allows for events to be detected in realtime, while ensuring events don’t get lost. This separate schema approach is inspired by similar techniques used in other tools like Supabase and Hasura.

dreamlit_app database user

When you first connect your Supabase project to Dreamlit via the Oauth flow, Supabase creates a separate dreamlit_app database user, with minimal permissions, that is in charge of managing the dreamlit schema. This is the database user that is then passed back to Dreamlit for use in your dashboard and workflows.

Uninstalling Dreamlit

If you ever want to remove Dreamlit entirely:
  1. Unpublish all workflows that depend on your Supabase connection (this removes triggers/functions).
  2. Delete the connection in the Dreamlit dashboard.
  3. (Optional) Drop the dreamlit schema to remove all Dreamlit-managed objects.
That’s it! By connecting Supabase to Dreamlit, you can create powerful, real-time workflows triggered by database changes — without writing any custom code in your application.