How to Add User Login and Signup in a Lovable App

Wire Supabase authentication into a Lovable project so users can sign up, log in, and see their own private data.

10 min | Intermediate

Most real apps need accounts. Lovable integrates with Supabase Auth, which handles email and password login, sessions, and per-user data. This guide adds authentication to an existing Lovable app and makes sure each user only sees their own records.

What you need

  • An existing Lovable project with at least one page
  • A Supabase account (free tier is fine)
  • Your project already connected to Supabase, or willingness to connect it now
  • About 20 minutes

Step 1: Connect Supabase to the project

If you have not already, open the Supabase panel in Lovable and link a project. Lovable stores the project URL and the anon key and uses them for both database and auth calls.

Lovable - Supabase panel
Supabase integration
------------------------------------------
Project: prep-pilot-prod
URL: https://abcxyz.supabase.co
Status: Connected (anon key stored)
[ Manage tables ] [ Open Supabase ]
Link a Supabase project before adding auth.

Step 2: Ask Lovable to add auth pages

Prompt Lovable to add the sign-up and login flow. It generates the forms, the session handling, and a way to log out. Be explicit that you want email and password auth so it does not guess.

chat prompt
Add Supabase email and password authentication with a Sign Up page, a Log In page, and a Log Out button in the header. Redirect logged-out users to the login page.

Step 3: Protect data with row level security

Auth alone does not stop one user reading another user's rows. You must enable Row Level Security (RLS) on your tables and add a policy that ties each row to its owner. Ask Lovable to do this, or run the SQL yourself in the Supabase SQL editor.

Supabase SQL editor
alter table habits enable row level security;

create policy "Users see only their habits"
  on habits for all
  using ( auth.uid() = user_id )
  with check ( auth.uid() = user_id );

Never skip RLS
Without Row Level Security, the public anon key can read every row in the table. Anyone who opens your app could fetch all users' data. Always enable RLS and test it before you publish.

Step 4: Test signup and isolation

Create two accounts in the preview, add data with each, and confirm that one account cannot see the other's records. This is the real test that auth and RLS are working together.

Lovable - preview
You
Add Supabase email/password auth with login, signup, and logout.
Agent
Added /login and /signup pages, a session guard that redirects logged-out users, and a Log Out button. I also enabled RLS on the habits table so each user only sees their own rows.
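
The same isolation test can be run inside the database, which also covers direct API calls that bypass the app's pages. The block below is an added example, not code from Lovable or Supabase: it impersonates a logged-out visitor and then each row owner, and raises an error if any of them can read or reassign someone else's rows. It assumes the `habits` table and `user_id` column from Step 3, rows from at least two test accounts, and that the SQL editor runs as the table owner, which bypasses RLS and may switch to Supabase's `anon` and `authenticated` roles; the variable names are illustrative.

```sql
-- Added example: RLS isolation check for the habits policy from Step 3.
-- Assumption: executed by the table owner, who bypasses RLS until the role changes.
do $$
declare
  owners uuid[];   -- every user_id that currently owns a row
  me     uuid;     -- user being impersonated
  other  uuid;     -- a different user, target of the forbidden write
  n      bigint;
begin
  -- Collect the real owners before dropping privileges.
  select array_agg(distinct user_id) into owners
  from public.habits where user_id is not null;
  if coalesce(array_length(owners, 1), 0) < 2 then
    raise exception 'need habits rows from at least two accounts';
  end if;

  -- Logged-out visitor: what a request carrying only the anon key can read.
  perform set_config('role', 'anon', true);
  select count(*) into n from public.habits;
  if n > 0 then
    raise exception 'anon can read % habits rows', n;
  end if;

  -- Signed-in users: auth.uid() is taken from the "sub" claim set here.
  perform set_config('role', 'authenticated', true);
  foreach me in array owners loop
    perform set_config('request.jwt.claims',
      json_build_object('sub', me, 'role', 'authenticated')::text, true);

    select count(*) into n from public.habits where user_id <> me;
    if n > 0 then
      raise exception 'user % can read % rows of other users', me, n;
    end if;

    select o into other from unnest(owners) as o where o <> me limit 1;
    begin
      update public.habits set user_id = other where user_id = me;
      get diagnostics n = row_count;
      if n > 0 then
        raise exception 'user % reassigned % rows to %', me, n, other;
      end if;
    exception when insufficient_privilege then
      null;  -- expected: the policy's WITH CHECK clause rejected the write
    end;
  end loop;
end $$;
```

The block finishes without an error only when every check passes. A failed check aborts it, so any write it attempted is rolled back, and the role and claim settings are transaction-local and revert when it ends.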

Result

Your app now has working accounts. New users can sign up, returning users log in, and the database enforces that each person only ever touches their own data. You can publish with confidence that the basics of security are in place.
