feat(auth): add otp authentication flow

[deep-xu]

fix #74

🚀 Overview

This PR implements a hybrid authentication system using Supabase where users must complete both password authentication and OTP-based email verification.

The system ensures stronger security by combining traditional password login with an additional OTP verification step.

---

✨ Changes Made

• Integrated Supabase password-based authentication
• Added OTP verification step after password authentication
• Updated signup and login flows to support dual verification
• Implemented OTP handling and callback flow
• Improved authentication security with two-step verification
• Fixed duplicate request handling and optimized form submission

---

🔐 Authentication Flow

Authentication now requires both steps:

1. User enters email + password
2. System validates credentials
3. OTP is sent to user email
4. User enters OTP for final verification
5. Access granted only after successful OTP verification

---

📸 Screenshots

🔹 Signup Page

🔹 OTP Verification Screen

---

🧪 How to Test

1. Go to signup/login page
2. Enter email + password
3. Submit form
4. Check email for OTP
5. Enter OTP
6. Authentication completes successfully only after OTP verification

---

📌 Notes

• Both password and OTP are mandatory
• OTP is rate-limited by Supabase
• Ensure email provider is properly configured in Supabase

[vercel]

@deep-xu is attempting to deploy a commit to the prabhakarshukla's projects Team on Vercel.

A member of the Team first needs to authorize it.

[deep-xu]

Hi @prabhakarshukla, I have implemented the OTP authentication flow. Kindly review the changes and merge the PR if everything looks good...

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
eduflow-ai	Error		Jun 16, 2026 12:55pm

[prabhakarshukla]

@deep-xu ok will merge the till evening after reviewing it

[prabhakarshukla]

hey @deep-xu i was checking your pr while running the website locally
I saw that there is no OTP verification if I am creating a new account
its only working when i already i have a previous acc. and i have to just login and i dont remember the password for the same email ID
I think there should be a OTP verification during SignUp also

[anay-208]

@deep-xu I personally don't think an OTP based-authentication is required. It just adds more friction.
@prabhakarshukla what do you think

[anay-208]

It should be that if the user can't remember their password, they have the option to login via OTP, but using password + OTP everytime is just adding friction

[deep-xu]

Yeah okay 👍 I’ll check it and make sure that if the user can’t remember their password, they have the option to log in via OTP...

[prabhakarshukla]

@deep-xu I personally don't think an OTP based-authentication is required. It just adds more friction. @prabhakarshukla what do you think

ig otp will be helpful if someone forgets the password

[prabhakarshukla]

@deep-xu have u updated the PR??

[deep-xu]

Hi @prabhakarshukla, I have implemented the OTP-based password recovery flow. If a user forgets their password, they can now verify their identity using an OTP sent to their registered email address and securely reset their password...

[prabhakarshukla]

Hi @deep-xu

Thank you for the contribution.

While reviewing and testing the PR, I found that the build is currently failing due to TypeScript errors.

Current Issues

1. Supabase client typing issue

   • Property 'auth' does not exist on type '{}'

2. Undefined variable in dashboard

   • File: app/dashboard/page.tsx

   • Error:

     Cannot find name 'u'

   • The code references:

     timetable_slots_${u.user.id}

     but u is not defined in that scope.

I tried fixing the issues myself as a maintainer, but there seem to be some branch/PR synchronization issues on my side, so I'm unable to reliably push the fixes directly to your PR branch.

Request

Please review the above issues, apply the necessary fixes, and make sure the project builds successfully before requesting another review.

Kindly run:

npm run build

locally and verify that the build completes without any TypeScript or compilation errors.

Once the build passes and the fixes are pushed, I'll review the PR again.

[deep-xu]

Hi @prabhakarshukla, can you check once..

[prabhakarshukla]

Hi @prabhakarshukla, can you check once..

brother
please do the npm run build test its still failing to deploy
please take your time and dont rush

[prabhakarshukla]

The Vercel build is failing due to an unresolved Git merge conflict inside lib/supabase.ts.
Issue
The file contains Git conflict markers:

<<<<<<< HEAD

f82fb74 (feat: add otp verification)

Because of this, Turbopack cannot parse the file, and the build is breaking.
Fix Required

1. Open the file
   lib/supabase.ts
2. Remove all conflict markers

Delete everything like:

<<<<<<< HEAD

f82fb74
Keep only ONE correct implementation

Ensure Supabase client initialization is clean, for example:

const supabase = supabaseConfig
? createBrowserClient(
supabaseConfig.supabaseUrl,
supabaseConfig.supabaseAnonKey
)
: createDisabledSupabaseClient();

export { supabase };

Verify locally (important)

Run:
npm run build

Make sure it passes before pushing.

5. Commit & push fix

[prabhakarshukla]

@deep-xu updates???