The auth methods can be accessed via the supabase.auth namespace.
By default, the supabase client sets persist_session to true and attempts to store the session in memory.
Any email links and one-time passwords (OTPs) sent have a default expiry of 24 hours. We have the following rate limits in place to guard against brute force attacks.
The expiry of an access token can be set in the "JWT expiry limit" field in your project's auth settings. A refresh token never expires and can only be used once.