Supabase•2w ago

Confirm SignUp VS Recovery link

Hi there,
I found a strange behavior where the recovery redirect url strips away certain parameters, while the sign up url keeps them.
I wanted to ask you if this is normal and how can I fix this, so my password recovery URL retains the parameters.

// SIGNUP
val url = "https://app.redacted.com/?a=recovery&source=mobile"

supabaseClient.auth.signUpWith(
    provider = Email,
    redirectUrl = url
) {
     email = input_email.value
     password = input_password.value
 }

// SIGNUP
val url = "https://app.redacted.com/?a=recovery&source=mobile"

supabaseClient.auth.signUpWith(
    provider = Email,
    redirectUrl = url
) {
     email = input_email.value
     password = input_password.value
 }

// RECOVERY
val url = "https://app.redacted.com/?a=recovery&source=mobile"

supabaseClient.auth.resetPasswordForEmail(
     email = email.value,
     redirectUrl = url
)

// RECOVERY
val url = "https://app.redacted.com/?a=recovery&source=mobile"

supabaseClient.auth.resetPasswordForEmail(
     email = email.value,
     redirectUrl = url
)

However, in my inbox, I receive these URLs:
Signup:

https://xxx.supabase.co/auth/v1/verify?token=pkce_redacted&type=signup&redirect_to=https%3A%2F%2Fapp.redacted.com%2F%3Fa%3Dsignup%26source%3Dmobile

https://xxx.supabase.co/auth/v1/verify?token=pkce_redacted&type=signup&redirect_to=https%3A%2F%2Fapp.redacted.com%2F%3Fa%3Dsignup%26source%3Dmobile

Recovery:

https://xxx.supabase.co/auth/v1/verify?token=pkce_redacted&type=recovery&redirect_to=https://app.redacted.com/

https://xxx.supabase.co/auth/v1/verify?token=pkce_redacted&type=recovery&redirect_to=https://app.redacted.com/

Notice how the RECOVERY flow strips away the source=mobilesource=mobile argument and our website consumes the PKCE key before it has a chance to return to the app.
I’ll be extremely thankful for any help!!

Oliver

© 2026 Hedgehog Software, LLC

More

Communities Docs About Terms Privacy

// SIGNUP
val url = "https://app.redacted.com/?a=recovery&source=mobile"

supabaseClient.auth.signUpWith(
    provider = Email,
    redirectUrl = url
) {
     email = input_email.value
     password = input_password.value
 }

// SIGNUP
val url = "https://app.redacted.com/?a=recovery&source=mobile"

supabaseClient.auth.signUpWith(
    provider = Email,
    redirectUrl = url
) {
     email = input_email.value
     password = input_password.value
 }

oli

O

oliOP•12/7/25, 7:27 PM

(In other words, how can I keep the

source=mobile

source=mobile

parameter in the recovery URL?)

In the supabase dashboard, both are configured to be

<p><a href="{{ .ConfirmationURL }}">Confirm</a></p>

<p><a href="{{ .ConfirmationURL }}">Confirm</a></p>

oli

Ooli Hi there, I found a strange behavior where the recovery redirect url strips away...

ibrahim

I

ibrahim•12/8/25, 7:23 AM

I'm not sure if this is the source of the issue but you should have redirectToredirectTo not redirectUrlredirectUrl for resetting password

ibrahim

Iibrahim I'm not sure if this is the source of the issue but you should have `redirectTo`...

oli

O

oliOP•12/8/25, 2:38 PM

oli

O

oliOP•12/8/25, 2:38 PM

There doesn't seem to be a parameter like that in the latest version of supabase kt

oli

Ooli There doesn't seem to be a parameter like that in the latest version of supabase...

ibrahim

I

ibrahim•12/9/25, 7:04 AM

My bad i was looking at the javascript client code, i didn't realise it was kotlin. Will have to wait until someone with kotlin experience comes

oli

O

oliOP•12/13/25, 9:29 AM

Okay

oli

ibrahim

I

ibrahim•12/14/25, 6:10 PM

If you think it is a bug then you can also file an issue https://github.com/supabase-community/supabase-kt/issues

GitHub

supabase-community/supabase-kt

A Kotlin Multiplatform Client for Supabase. . Contribute to supabase-community/supabase-kt development by creating an account on GitHub.