Feature request
Allow signing up a user without creating a session, controllable per request (for example a create_session: false body parameter on POST /signup), independent of the email/phone confirmation setting.
Motivation
Today the /signup endpoint creates a session whenever the user is auto-confirmed: it issues a refresh token and returns a session. A session is only omitted when email/phone confirmation is required.
Several client SDK users want to create a confirmed user without immediately signing them in, then sign them in explicitly later (or after some post-signup processing). There is currently no way to do this short of:
- requiring email/phone confirmation (changes the whole project's auth flow), or
- creating users via the admin API in an Edge Function (extra overhead).
Proposed solution
Add an opt-in request parameter to /signup (e.g. create_session: false) that creates/confirms the user as usual but returns the user object without issuing a session/refresh token. Clients can then call sign-in explicitly when ready.
Downstream
This blocks supabase/supabase-flutter#1063 (and there have been equivalent requests in other client SDKs). Client libraries can expose a createSession parameter on signUp once the server supports it.
Feature request
Allow signing up a user without creating a session, controllable per request (for example a
create_session: falsebody parameter onPOST /signup), independent of the email/phone confirmation setting.Motivation
Today the
/signupendpoint creates a session whenever the user is auto-confirmed: it issues a refresh token and returns a session. A session is only omitted when email/phone confirmation is required.Several client SDK users want to create a confirmed user without immediately signing them in, then sign them in explicitly later (or after some post-signup processing). There is currently no way to do this short of:
Proposed solution
Add an opt-in request parameter to
/signup(e.g.create_session: false) that creates/confirms the user as usual but returns the user object without issuing a session/refresh token. Clients can then call sign-in explicitly when ready.Downstream
This blocks supabase/supabase-flutter#1063 (and there have been equivalent requests in other client SDKs). Client libraries can expose a
createSessionparameter onsignUponce the server supports it.