auth VS django-rest-framework

Supabase Auth now supports anonymous sign-ins, one of our most-requested features by the community.

People keep writing this, doesn't Supabase rely on spinning up additional services to leave, meaning you can't leave to another managed offering?

Off the top of my mind, PostgREST and go-true? https://github.com/supabase/auth

-

If you use Postgres you're "locked" into Postgres: a technology with a laundry list of providers.

If you leave Supabase, you'll lose the fully managed aspect of 99% of the Postgres providers out there, which confirms the pain the parent comment is describing.

> Microsoft scans to check the website contains malware. IMHO the security blunder is a self-implemented magic link.

It's not self-implemented, you can check it out here: https://github.com/supabase/gotrue

> Not password protected if the password is part of the URL.

It's a token that's valid for a couple of minutes – just like a password reset token. Indeed, in the given implementation, it's the very same as the password reset token. If you consider this implementation as "not password protected", any website with a password reset functionality is "not password protected".

I hate to be this guy, really. I would like to adopt Supabase in company, but I cannot yet.

I commented on a HN post almost a year ago about how hard is to do custom Auth with Supabase. I still haven't find a good solution about it. For example, LDAP Auth is quite crucial in most enterprise settings, yet I have no idea how to do it with Supabase. I can find a workaround for PostgREST by putting a secondary API written in some other language and fiddling with reverse proxies. But how to do with Supabase, such that all other services (realtime,...) works nicely? Is it so hard to provide a function that accept a custom strategy given the HTTP request data?

I created an issue[0] almost a year ago on Supabase, which was transferred to Gotrue. I even provided some code examples from Laravel. Even if it is not specifically for LDAP, make some API available to do so, please.

[0] https://github.com/supabase/gotrue/issues/904

Yes there is, it's just not pretty yet: https://github.com/supabase/gotrue/blob/master/openapi.yaml

The gotrue api: https://github.com/supabase/gotrue

Validation happen inside of the GoTrue: https://github.com/supabase/gotrue... but you don't need it on your own, non supabase, server side resources... that's the beauty of JWT. You can validate JWT in any back-end / language, by simply checking the signature against HS256 key.

Supabase use gotrue for Auth, you can poke around in the code & read more about it here: https://github.com/supabase/gotrue

- Django Rest Framework has no async support? https://github.com/encode/django-rest-framework/issues/7260

A URL shortener is a service that transforms long and complex URLs into short, easily memorable ones. This tutorial guides you through creating a URL shortener using Django REST framework and Postgres, deploying it on Koyeb.

Now, I'm converting this app into a Vue-based SPA (still powered by Django). I'm using the Django REST Framework to build the API that the SPA will interact with. (I'll be using token-based auth, via django-rest-knox. ETA: I'll actually be using djangorestframework-simplejwt.)

For the backend, we chose Python, Django Rest Framework. On the frontend, React, Redux, Saga, Sass. Let’s start with the backend, which was managed by Yegor. He writes about the server part of the project himself.

With regard to JSON API aspects of Django, have you used https://www.django-rest-framework.org/ ? I find it to be very satisfactory.

django-rest-framework and the Fetch API, or

Django REST Framework (DRF) Django REST Framework is a famous, powerful, and flexible toolkit for building Web APIs in Django. It provides a set of reusable components and tools to simplify API development, including serialization, authentication, permissions, and view sets.

I wish Django would take async more seriously. This comment gives a pretty good overview of the current situation (some points are more valid than others): https://github.com/encode/django-rest-framework/discussions/...

The Python ecosystem is strange. Where other dev communities will embrace new ways of doing things faster than most people can keep up — the Python community needs to be pulled kicking and screaming into the light once ever decade or so. Python 2 to 3, ~10 years.

async/await has been in Python since 2015, it feels like it's going to be another 5 years before we see people taking async seriously in the big packages. Same problem we had during the 2/3 transition. No library support, no developer support.

Thanks for helping Steve to complete his REST API, he is now partying🥳. You can get more information on how to use the Django REST framework to best way read the documentation. There are many alternatives to the Django REST framework, you can give them a try if you want,

[Django Rest Framework](https://www.django-rest-framework.org/) has the very nice idea of a [ViewSet](https://www.django-rest-framework.org/api-guide/viewsets/#modelviewset) that allows really minimal code to perform all the basic CRUD actions on a model.