Supabase Flutter SDK Authentication Failure with Valid Credentials

[mason-ember]

Describe the bug
I've encountered an issue with the signInWithPassword method in the Supabase Flutter SDK (version 2.4.1) where authentication fails despite using valid credentials that work with direct API calls.

Issue Description:

• Authentication using supabase.auth.signInWithPassword() fails with "Invalid login credentials" error (400 status code)
• The same exact credentials authenticate successfully via direct HTTP POST to the REST endpoint

Environment:

• Supabase Flutter SDK: 2.4.1
• Flutter: 3.24.3
• Platform: Android (tested on emulator)

To Reproduce
Steps to reproduce the behavior:

1. Initialize Supabase Flutter SDK with valid URL and anon key
2. Call supabase.auth.signInWithPassword() with valid credentials
3. Observe the "Invalid login credentials" error
4. Make a direct HTTP POST to /auth/v1/token?grant_type=password with the same credentials
5. Observe successful authentication with 200 status code

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Version (please complete the following information):
On Linux/macOS
Please run dart pub deps | grep -E "supabase|gotrue|postgrest|storage_client|realtime_client|functions_client" in your project directory and paste the output here.
├── supabase_flutter 2.8.4
│ ├── supabase 2.6.3
│ │ ├── functions_client 2.4.1
│ │ ├── gotrue 2.11.1
│ │ ├── postgrest 2.4.1
│ │ ├── realtime_client 2.4.2
│ │ ├── storage_client 2.3.1

Additional context
May be relevant - I'm not a programmer. Working closely with Claude 3.7 sonnet (via Claude Code) to build Flutter app running on iOS and Android. Recently switched from Firebase to Supabase - and ran into this issue.

Working Direct API Code:

final url = 'https://mibgwobvweznhxowqvip.supabase.co/auth/v1/token?grant_type=password';
final headers = {
  'apikey': '<anon_key>',
  'Content-Type': 'application/json',
};
final body = jsonEncode({
  'email': email,
  'password': password,
});

final response = await http.post(Uri.parse(url), headers: headers, body: body);
// Status code 200 - Success

Failing SDK Code:
final response = await supabase.auth.signInWithPassword(
  email: email,
  password: password,
);
// AuthException(message: Invalid login credentials, statusCode: 400, errorCode: 
invalid_credentials)

I've implemented a workaround by directly calling the REST API, but this circumvents the benefits of using the SDK.

[Vinzent03]

If I remember correctly, the Invalid login credentials refers to an invalid api key and not the password you provide to the sign in call. So please verify that your apikey for the supabase client initialization (for frontend the anonkey) is correct.

[mason-ember]

Thanks for the insight. ChatGPT thinks you might be on to something. I'll look into it in the next few days and let you know what I find.