diff --git a/Sources/Auth/AuthClient.swift b/Sources/Auth/AuthClient.swift
index afe35d56..58a91504 100644
--- a/Sources/Auth/AuthClient.swift
+++ b/Sources/Auth/AuthClient.swift
@@ -310,14 +310,18 @@ public actor AuthClient {
 
   /// Log in an existing user with an email and password.
   @discardableResult
-  public func signIn(email: String, password: String) async throws -> Session {
+  public func signIn(email: String, password: String, captchaToken: String? = nil) async throws -> Session {
     try await _signIn(
       request: .init(
         path: "/token",
         method: .post,
         query: [URLQueryItem(name: "grant_type", value: "password")],
         body: configuration.encoder.encode(
-          UserCredentials(email: email, password: password)
+          UserCredentials(
+            email: email,
+            password: password,
+            gotrueMetaSecurity: captchaToken.map(AuthMetaSecurity.init(captchaToken:))
+          )
         )
       )
     )
@@ -325,14 +329,18 @@ public actor AuthClient {
 
   /// Log in an existing user with a phone and password.
   @discardableResult
-  public func signIn(phone: String, password: String) async throws -> Session {
+  public func signIn(phone: String, password: String, captchaToken: String? = nil) async throws -> Session {
     try await _signIn(
       request: .init(
         path: "/token",
         method: .post,
         query: [URLQueryItem(name: "grant_type", value: "password")],
         body: configuration.encoder.encode(
-          UserCredentials(password: password, phone: phone)
+          UserCredentials(
+            password: password,
+            phone: phone,
+            gotrueMetaSecurity: captchaToken.map(AuthMetaSecurity.init(captchaToken:))
+          )
         )
       )
     )
diff --git a/Sources/Auth/Types.swift b/Sources/Auth/Types.swift
index f6ed0f05..f7f97331 100644
--- a/Sources/Auth/Types.swift
+++ b/Sources/Auth/Types.swift
@@ -20,17 +20,20 @@ public struct UserCredentials: Codable, Hashable, Sendable {
   public var password: String?
   public var phone: String?
   public var refreshToken: String?
+  public var gotrueMetaSecurity: AuthMetaSecurity?
 
   public init(
     email: String? = nil,
     password: String? = nil,
     phone: String? = nil,
-    refreshToken: String? = nil
+    refreshToken: String? = nil,
+    gotrueMetaSecurity: AuthMetaSecurity? = nil
   ) {
     self.email = email
     self.password = password
     self.phone = phone
     self.refreshToken = refreshToken
+    self.gotrueMetaSecurity = gotrueMetaSecurity
   }
 }
 
diff --git a/Tests/AuthTests/RequestsTests.swift b/Tests/AuthTests/RequestsTests.swift
index 60613d47..dc33d450 100644
--- a/Tests/AuthTests/RequestsTests.swift
+++ b/Tests/AuthTests/RequestsTests.swift
@@ -59,7 +59,8 @@ final class RequestsTests: XCTestCase {
     await assert {
       try await sut.signIn(
         email: "example@mail.com",
-        password: "the.pass"
+        password: "the.pass",
+        captchaToken: "dummy-captcha"
       )
     }
   }
@@ -70,7 +71,8 @@ final class RequestsTests: XCTestCase {
     await assert {
       try await sut.signIn(
         phone: "+1 202-918-2132",
-        password: "the.pass"
+        password: "the.pass",
+        captchaToken: "dummy-captcha"
       )
     }
   }
diff --git a/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithEmailAndPassword.1.txt b/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithEmailAndPassword.1.txt
index 8aa2cb83..e733a890 100644
--- a/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithEmailAndPassword.1.txt
+++ b/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithEmailAndPassword.1.txt
@@ -3,5 +3,5 @@ curl \
 	--header "Apikey: dummy.api.key" \
 	--header "Content-Type: application/json" \
 	--header "X-Client-Info: gotrue-swift/x.y.z" \
-	--data "{\"email\":\"example@mail.com\",\"password\":\"the.pass\"}" \
+	--data "{\"email\":\"example@mail.com\",\"gotrue_meta_security\":{\"captcha_token\":\"dummy-captcha\"},\"password\":\"the.pass\"}" \
 	"http://localhost:54321/auth/v1/token?grant_type=password"
\ No newline at end of file
diff --git a/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithPhoneAndPassword.1.txt b/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithPhoneAndPassword.1.txt
index 32961127..04cbb203 100644
--- a/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithPhoneAndPassword.1.txt
+++ b/Tests/AuthTests/__Snapshots__/RequestsTests/testSignInWithPhoneAndPassword.1.txt
@@ -3,5 +3,5 @@ curl \
 	--header "Apikey: dummy.api.key" \
 	--header "Content-Type: application/json" \
 	--header "X-Client-Info: gotrue-swift/x.y.z" \
-	--data "{\"password\":\"the.pass\",\"phone\":\"+1 202-918-2132\"}" \
+	--data "{\"gotrue_meta_security\":{\"captcha_token\":\"dummy-captcha\"},\"password\":\"the.pass\",\"phone\":\"+1 202-918-2132\"}" \
 	"http://localhost:54321/auth/v1/token?grant_type=password"
\ No newline at end of file