verifyOTP method

Future<AuthResponse> verifyOTP({
  1. String? email,
  2. String? phone,
  3. String? token,
  4. required OtpType type,
  5. String? redirectTo,
  6. String? captchaToken,
  7. String? tokenHash,

Log in a user given a User supplied OTP received via mobile.

phone is the user's phone number WITH international prefix

token is the token that user was sent to their mobile phone

tokenHash is the token used in an email link


Future<AuthResponse> verifyOTP({
  String? email,
  String? phone,
  String? token,
  required OtpType type,
  String? redirectTo,
  String? captchaToken,
  String? tokenHash,
}) async {
  assert((email != null && phone == null) || (email == null && phone != null),
      '`email` or `phone` needs to be specified.');
  assert(token != null || tokenHash != null,
      '`token` or `tokenHash` needs to be specified.');

  final body = {
    if (email != null) 'email': email,
    if (phone != null) 'phone': phone,
    if (token != null) 'token': token,
    'type': type.snakeCase,
    'redirect_to': redirectTo,
    'gotrue_meta_security': {'captchaToken': captchaToken},
    if (tokenHash != null) 'token_hash': tokenHash,
  final fetchOptions = GotrueRequestOptions(headers: _headers, body: body);
  final response = await _fetch
      .request('$_url/verify',, options: fetchOptions);

  final authResponse = AuthResponse.fromJson(response);

  if (authResponse.session == null) {
    throw AuthException(
      'An error occurred on token verification.',

  notifyAllSubscribers(type == OtpType.recovery
      ? AuthChangeEvent.passwordRecovery
      : AuthChangeEvent.signedIn);

  return authResponse;