diff --git a/.github/workflows/docs-lint-v2.yml b/.github/workflows/docs-lint-v2.yml
index 1536658780fa6..0aabb9ce7faef 100644
--- a/.github/workflows/docs-lint-v2.yml
+++ b/.github/workflows/docs-lint-v2.yml
@@ -28,10 +28,10 @@ jobs:
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
- key: e23c860111349d8bac17b78b1fe632afe84223f9
+ key: 2d535367b06fe62354035464cf8334929bafca85
- name: install linter
if: steps.cache-cargo.outputs.cache-hit != 'true'
- run: cargo install --locked --git https://github.com/supabase-community/supa-mdx-lint --rev e23c860111349d8bac17b78b1fe632afe84223f9
+ run: cargo install --locked --git https://github.com/supabase-community/supa-mdx-lint --rev 2d535367b06fe62354035464cf8334929bafca85
- name: install reviewdog
uses: reviewdog/action-setup@3f401fe1d58fe77e10d665ab713057375e39b887 # v1.3.0
with:
@@ -41,4 +41,4 @@ jobs:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -o pipefail
- supa-mdx-lint apps/docs/content/guides/getting-started apps/docs/content/guides/ai --format rdf | reviewdog -f=rdjsonl -reporter=github-pr-review
+ supa-mdx-lint apps/docs/content/guides/getting-started apps/docs/content/guides/ai apps/docs/content/guides/auth --format rdf | tee >(cat) | reviewdog -f=rdjsonl -reporter=github-pr-review
diff --git a/apps/docs/content/guides/api/sql-to-api.mdx b/apps/docs/content/guides/api/sql-to-api.mdx
index 619e7bf7a3c4c..2e2183d0766bc 100644
--- a/apps/docs/content/guides/api/sql-to-api.mdx
+++ b/apps/docs/content/guides/api/sql-to-api.mdx
@@ -30,7 +30,7 @@ const { data, error } = await supabase
.limit(20)
```
-## Select statement with complex Boolean Logic clause
+## Select statement with complex Boolean logic clause
Select all columns from a single table with a complex where clause: OR AND OR
diff --git a/apps/docs/content/guides/auth/auth-anonymous.mdx b/apps/docs/content/guides/auth/auth-anonymous.mdx
index 4ccb77a318177..d1315c41ba4b4 100644
--- a/apps/docs/content/guides/auth/auth-anonymous.mdx
+++ b/apps/docs/content/guides/auth/auth-anonymous.mdx
@@ -102,7 +102,7 @@ response = supabase.auth.sign_in_anonymously()
Converting an anonymous user to a permanent user requires [linking an identity](/docs/guides/auth/auth-identity-linking#manual-linking-beta) to the user. This requires you to [enable manual linking](/dashboard/project/_/settings/auth) in your Supabase project.
-### Link an Email / Phone identity
+### Link an email / phone identity
auth.rate_limits.otp.period and they expire after auth.rate_limits.otp.validity. This is configurable via `Auth > Providers > Email > Email OTP Expiration`. An expiry duration of more than 86400 seconds (one day) is disallowed to guard against brute force attacks. The longer an OTP remains valid, the more time an attacker has to attempt brute force attacks. If the OTP is valid for several days, an attacker might have more opportunities to guess the correct OTP through repeated attempts.
-### Signing in with Email OTP
+### Signing in with email OTP
#### Step 1: Send the user an OTP code
diff --git a/apps/docs/content/guides/auth/auth-email-templates.mdx b/apps/docs/content/guides/auth/auth-email-templates.mdx
index 265ffd32807b8..8bed95ba750ee 100644
--- a/apps/docs/content/guides/auth/auth-email-templates.mdx
+++ b/apps/docs/content/guides/auth/auth-email-templates.mdx
@@ -29,7 +29,7 @@ The templating system provides the following variables for use:
On hosted Supabase projects, edit your email templates on the [Email Templates](/dashboard/project/_/auth/templates) page. On self-hosted projects or in local development, edit your [configuration files](/docs/guides/local-development/customizing-email-templates).
-## Mobile Deep Linking
+## Mobile deep linking
For mobile applications, you might need to link or redirect to a specific page within your app. See the [Mobile Deep Linking guide](/docs/guides/auth/native-mobile-deep-linking) to set this up.
diff --git a/apps/docs/content/guides/auth/auth-helpers/auth-ui.mdx b/apps/docs/content/guides/auth/auth-helpers/auth-ui.mdx
index 296abdf89640a..55d96374d179d 100644
--- a/apps/docs/content/guides/auth/auth-helpers/auth-ui.mdx
+++ b/apps/docs/content/guides/auth/auth-helpers/auth-ui.mdx
@@ -478,7 +478,7 @@ Setting `showLinks` to `false` will hide the following links:
- Send a magic link email
- Forgot your password?
-### Sign in and Sign up views
+### Sign in and sign up views
Add `sign_in` or `sign_up` views with the `view` prop:
diff --git a/apps/docs/content/guides/auth/auth-hooks.mdx b/apps/docs/content/guides/auth/auth-hooks.mdx
index 9d35a938a5e46..94118f245a561 100644
--- a/apps/docs/content/guides/auth/auth-hooks.mdx
+++ b/apps/docs/content/guides/auth/auth-hooks.mdx
@@ -46,7 +46,7 @@ A HTTP Hook is an endpoint which takes in a JSON event payload and returns a JSO
-## Security Model
+## Security model
Sign the payload and grant permissions selectively in order to guard the integrity of the payload.
@@ -261,7 +261,7 @@ Note that payloads are sent uncompressed in order to accurately track Content Le
In the dashboard, navigate to [`Authentication > Hooks`](/dashboard/project/_/auth/hooks) and select the appropriate function type (SQL or HTTP) from the dropdown menu.
-### Error Handling
+### Error handling
You should return an error when facing a runtime error. Runtime errors are specific to your application and arise from specific business rules rather than programmer errors.
diff --git a/apps/docs/content/guides/auth/auth-hooks/send-email-hook.mdx b/apps/docs/content/guides/auth/auth-hooks/send-email-hook.mdx
index c6e2f30ab0b5a..72be9f5b4fb6b 100644
--- a/apps/docs/content/guides/auth/auth-hooks/send-email-hook.mdx
+++ b/apps/docs/content/guides/auth/auth-hooks/send-email-hook.mdx
@@ -6,7 +6,7 @@ subtitle: 'Use a custom email provider to send authentication messages'
The Send Email Hook runs before an email is sent and allows for flexibility around email sending. You can use this hook to configure a back-up email provider or add internationalization to your emails.
-## Email Sending Behavior
+## Email sending behavior
Email sending depends on two settings: Email Provider and Auth Hook status.
diff --git a/apps/docs/content/guides/auth/auth-mfa/phone.mdx b/apps/docs/content/guides/auth/auth-mfa/phone.mdx
index 62eb80f8fa9ba..e06b7e458cc6a 100644
--- a/apps/docs/content/guides/auth/auth-mfa/phone.mdx
+++ b/apps/docs/content/guides/auth/auth-mfa/phone.mdx
@@ -306,7 +306,7 @@ function AuthMFA() {
the background automatically and finally call the `onSuccess` callback, which
will show the authenticated `App` component on screen.
-### Security Configuration
+### Security configuration
Each code is valid for up to 5 minutes, after which a new one can be sent. Successive codes remain valid until expiry. When possible choose the longest code length acceptable to your use case, at a minimum of 6. This can be configured in the [Authentication Settings](/dashboard/project/_/settings/auth).
diff --git a/apps/docs/content/guides/auth/debugging/error-codes.mdx b/apps/docs/content/guides/auth/debugging/error-codes.mdx
index 1116fbd4778fb..06fca4a0ed380 100644
--- a/apps/docs/content/guides/auth/debugging/error-codes.mdx
+++ b/apps/docs/content/guides/auth/debugging/error-codes.mdx
@@ -5,11 +5,11 @@ description: 'Supabase Auth Error Codes'
subtitle: 'Learn about the Auth error codes and how to resolve them'
---
-## Auth Error Codes
+## Auth error codes
Supabase Auth can return various errors when using its API. This guide explains how to handle these errors effectively across different programming languages.
-## Error Types
+## Error types
Supabase Auth errors are generally categorized into two main types:
@@ -73,10 +73,12 @@ All instances and subclasses of a `AuthRestException` have a `errorCode` propert
-## HTTP Status Codes
+## HTTP status codes
Below are the most common HTTP status codes you might encounter, along with their meanings in the context of Supabase Auth:
+{/* supa-mdx-lint-disable Rule001HeadingCase */}
+
### [403 Forbidden](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403)
Sent out in rare situations where a certain Auth feature is not available for the user, and you as the developer are not checking a precondition whether that API is available for the user.
@@ -97,13 +99,15 @@ Indicate that the Auth server's service is degraded. Most often it points to iss
Sent out when a feature is not enabled on the Auth server, and you are trying to use an API which requires it.
-The following table provides a comprehensive list of error codes you may encounter when working with Supabase Auth. Each error code is associated with a specific issue and includes a description to help you understand and resolve the problem efficiently.
+{/* supa-mdx-lint-enable Rule001HeadingCase */}
-## Auth Error Codes Table
+## Auth error codes table
+
+The following table provides a comprehensive list of error codes you may encounter when working with Supabase Auth. Each error code is associated with a specific issue and includes a description to help you understand and resolve the problem efficiently.
-## Best Practices for Error Handling
+## Best practices for error handling
- Always use `error.code` and `error.name` to identify errors, not string matching on error messages.
- Avoid relying solely on HTTP status codes, as they may change unexpectedly.
diff --git a/apps/docs/content/guides/auth/native-mobile-deep-linking.mdx b/apps/docs/content/guides/auth/native-mobile-deep-linking.mdx
index d8ec66771b5e5..b1e1a6b41aa4f 100644
--- a/apps/docs/content/guides/auth/native-mobile-deep-linking.mdx
+++ b/apps/docs/content/guides/auth/native-mobile-deep-linking.mdx
@@ -11,7 +11,7 @@ Many Auth methods involve a redirect to your app. For example:
With Deep Linking, you can configure this redirect to open a specific page. This is necessary if, for example, you need to display a form for password reset, or to manually exchange a token hash.
-## Setting up Deep Linking
+## Setting up deep linking
-## Enabling Phone Login
+## Enabling phone login
Enable phone authentication on the [Auth Providers page](/dashboard/project/_/auth/providers) for hosted Supabase projects.
diff --git a/apps/docs/content/guides/auth/redirect-urls.mdx b/apps/docs/content/guides/auth/redirect-urls.mdx
index 92b225af67e8f..9fe181bd8561f 100644
--- a/apps/docs/content/guides/auth/redirect-urls.mdx
+++ b/apps/docs/content/guides/auth/redirect-urls.mdx
@@ -100,7 +100,7 @@ For mobile applications you can use deep linking URIs. For example, for your `SI
Read more about deep linking and find code examples for different frameworks [here](/docs/guides/auth/native-mobile-deep-linking).
-## Error Handling
+## Error handling
When authentication fails, the user will still be redirected to the redirect URL provided. However, the error details will be returned as query fragments in the URL. You can parse these query fragments and show a custom error message to the user. For example:
diff --git a/apps/docs/content/guides/auth/server-side/advanced-guide.mdx b/apps/docs/content/guides/auth/server-side/advanced-guide.mdx
index 3b8b37fafff36..6bd744baab091 100644
--- a/apps/docs/content/guides/auth/server-side/advanced-guide.mdx
+++ b/apps/docs/content/guides/auth/server-side/advanced-guide.mdx
@@ -38,6 +38,8 @@ To improve experience for your users, we recommend redirecting users to one spec
This is not necessary. Both the access token and refresh token are designed to be passed around to different components in your application. The browser-based side of your application needs access to the refresh token to properly maintain a browser session anyway.
+{/* supa-mdx-lint-disable-next-line Rule001HeadingCase */}
+
### My server is getting invalid refresh token errors. What's going on?
It is likely that the refresh token sent from the browser to your server is stale. Make sure the `onAuthStateChange` listener callback is free of bugs and is registered relatively early in your application's lifetime
diff --git a/apps/docs/content/guides/auth/sessions.mdx b/apps/docs/content/guides/auth/sessions.mdx
index 7d71f848912ba..3a219162e6ac4 100644
--- a/apps/docs/content/guides/auth/sessions.mdx
+++ b/apps/docs/content/guides/auth/sessions.mdx
@@ -119,7 +119,7 @@ When a user signs out, the sessions affected by the logout are removed from the
Note that sessions are not proactively terminated when their maximum lifetime (time-box) or inactivity timeout are reached. These sessions are cleaned up progressively 24 hours after reaching that status. This allows you to tweak the values or roll back changes without causing unintended user friction.
-### Can I use HTTP-Only cookies to store the access and refresh tokens?
+### Can I use HTTP-only cookies to store the access and refresh tokens?
This is possible, but only for apps that use the traditional server-only web app approach where all of the application logic is implemented on the server and it returns rendered HTML only.
diff --git a/apps/docs/content/guides/auth/third-party/aws-cognito.mdx b/apps/docs/content/guides/auth/third-party/aws-cognito.mdx
index 1fe4f48777190..183d5f8f6e6ea 100644
--- a/apps/docs/content/guides/auth/third-party/aws-cognito.mdx
+++ b/apps/docs/content/guides/auth/third-party/aws-cognito.mdx
@@ -140,7 +140,7 @@ user_pool_id = ""
user_pool_region = ""
```
-## Use a Pre-Token Generation Trigger to assign the authenticated role
+## Use a pre-token generation trigger to assign the authenticated role
Your Supabase project inspects the `role` claim present in all JWTs sent to it, to assign the correct Postgres role when using the Data API, Storage or Realtime authorization.
diff --git a/supa-mdx-lint.config.toml b/supa-mdx-lint.config.toml
index 745fe5912332b..b85581f17a6bb 100644
--- a/supa-mdx-lint.config.toml
+++ b/supa-mdx-lint.config.toml
@@ -6,30 +6,66 @@ ignore_patterns = ["**/_*.mdx"]
# Can also specify a regex that is compatible with the [Rust regex crate](https://docs.rs/regex/latest/regex/).
may_uppercase = [
"[A-Z0-9]{2,5}",
+ "APIs",
"Android",
"Angular",
"Apple",
"Auth",
+ "Auth0",
+ "Auth0 Actions?",
+ "Azure",
+ "Azure Developers?",
+ "Bitbucket",
+ "Boolean",
+ "Captcha",
"ChatGPT",
+ "Chrome",
+ "Code Exchange",
"Content Delivery Network",
"Dart",
+ "Discord",
"Edge Functions?",
+ "Expo",
+ "Facebook",
+ "Facebook Developers?",
+ "Figma",
+ "Figma Developers?",
+ "Firebase",
+ "Firebase Authentication",
"Flutter",
+ "GitHub",
+ "GitHub Actions",
+ "GitLab",
"GoTrue",
"Google",
"GraphQL",
+ "Hooks?",
"Hugging Face",
"I",
"IVFFlat",
+ "Inbucket",
"Ionic Angular",
"Ionic React",
"Ionic Vue",
"JavaScript",
+ "JWTs",
+ "Kakao",
+ "Kakao Developers?",
+ "Kakao Login",
+ "Keycloak",
"Kotlin",
+ "Kotlin Multiplatform",
+ "LinkedIn",
+ "LinkedIn Developers?",
+ "Linux",
+ "Magic Link",
"Navigable Small World",
"Next.js",
+ "Notion",
"Nuxt",
+ "OAuth",
"OpenAI",
+ "Open ID Connect",
"Poetry",
"Postgres",
"PostgreSQL",
@@ -39,23 +75,41 @@ may_uppercase = [
"React Native",
"Reciprocal Ranked Fusion",
"RedwoodJS",
+ "Remix",
"Retrieval Plugin",
"Roboflow Inference",
"Row Level Security",
"Server-Side Auth",
+ "Server-Side Rendering",
"Single Sign-On",
+ "Slack",
+ "Slack Developers?",
"SolidJS",
+ "Spotify",
+ "Spotify Developers?",
"Supabase",
"Svelte",
"SvelteKit",
"Swift",
"SwiftUI",
+ "Third-Party Auth",
+ "Twitch",
+ "Twitch Developers?",
+ "Twitter",
+ "Twitter Developers?",
"TypeScript",
+ "URIs",
+ "URLs",
"Xcode",
"Vecs",
"Vue",
+ "Web",
+ "Windows",
+ "WorkOS",
"Wrappers",
+ "Zoom",
+ "Zoom Developers?",
]
# Words that may be lowercased even if they are the first word in the sentence.
# Can also specify a regex that is compatible with the [Rust regex crate](https://docs.rs/regex/latest/regex/).
-may_lowercase = []
+may_lowercase = ["iOS"]