auth VS Next.js

Supabase Auth now supports anonymous sign-ins, one of our most-requested features by the community.

People keep writing this, doesn't Supabase rely on spinning up additional services to leave, meaning you can't leave to another managed offering?

Off the top of my mind, PostgREST and go-true? https://github.com/supabase/auth

-

If you use Postgres you're "locked" into Postgres: a technology with a laundry list of providers.

If you leave Supabase, you'll lose the fully managed aspect of 99% of the Postgres providers out there, which confirms the pain the parent comment is describing.

> Microsoft scans to check the website contains malware. IMHO the security blunder is a self-implemented magic link.

It's not self-implemented, you can check it out here: https://github.com/supabase/gotrue

> Not password protected if the password is part of the URL.

It's a token that's valid for a couple of minutes – just like a password reset token. Indeed, in the given implementation, it's the very same as the password reset token. If you consider this implementation as "not password protected", any website with a password reset functionality is "not password protected".

I hate to be this guy, really. I would like to adopt Supabase in company, but I cannot yet.

I commented on a HN post almost a year ago about how hard is to do custom Auth with Supabase. I still haven't find a good solution about it. For example, LDAP Auth is quite crucial in most enterprise settings, yet I have no idea how to do it with Supabase. I can find a workaround for PostgREST by putting a secondary API written in some other language and fiddling with reverse proxies. But how to do with Supabase, such that all other services (realtime,...) works nicely? Is it so hard to provide a function that accept a custom strategy given the HTTP request data?

I created an issue[0] almost a year ago on Supabase, which was transferred to Gotrue. I even provided some code examples from Laravel. Even if it is not specifically for LDAP, make some API available to do so, please.

[0] https://github.com/supabase/gotrue/issues/904

Yes there is, it's just not pretty yet: https://github.com/supabase/gotrue/blob/master/openapi.yaml

The gotrue api: https://github.com/supabase/gotrue

Validation happen inside of the GoTrue: https://github.com/supabase/gotrue... but you don't need it on your own, non supabase, server side resources... that's the beauty of JWT. You can validate JWT in any back-end / language, by simply checking the signature against HS256 key.

Supabase use gotrue for Auth, you can poke around in the code & read more about it here: https://github.com/supabase/gotrue

Next.js is a powerful React framework that enables developers to build server-rendered applications, static websites, and more. It's designed for production and provides features like automatic code splitting and optimized prefetching.

// source: https://github.com/vercel/next.js/blob/canary/packages/next/src/lib/worker.ts#L121C15-L129C16 for (;;) { onActivity() const result = await Promise.race(\[ (this.\_worker as any)\[method\](...args), restartPromise, \]) if (result !== RESTARTED) return result if (onRestart) onRestart(method, args, ++attempts) }

https://github.com/vercel/next.js/discussions/27666 One of them said 'renaming folder to uppercase' might cause trouble. git might not recognize case-sensetive changes by default.

Next.js has long cemented itself as one of the front runners in the web framework world for JavaScript/TypeScript projects so we’re going to be using that. More specifically we’re going to be using V14 of Next.js which allows us to use some exciting new features like Server Actions and the App Router.

Web frameworks like Next.js will usually include this feature, but do check that they set the caching headers correctly!

Vite and Next.js are both top 5 modern development framework right now. They are both great depending on your use case so we’ll discuss 4 areas: Architecture, main features, developer experience and production readiness. After learning about these we’ll have a better idea of which one is best for your project.

> It’s important to be aware of what you are getting if you go with React, and what you are getting is a far cry from what a framework would offer, with all the corresponding pros and cons.

Would you like to elaborate on that?

In my experience, with something as great, size/ecosystem-wise as React, there will almost always be at least one "mainstream" package for whatever you might want to do with it, that integrates pretty well. Where a lot of things might come out of the box with a framework, with a library I often find myself just needing to install the "right" package, and from there it's pretty much the same.

For example, using https://angular.io/guide/i18n-overview or installing and using https://react.i18next.com/

Or something like https://angular.io/guide/form-validation out of the box, vs installing and using https://formik.org/

Or perhaps https://angular.io/guide/router vs https://reactrouter.com/en/main

Even adding something that's not there out of the box is pretty much the same, like https://primeng.org/ or https://primereact.org/

React will typically have more fragmentation and therefore also choice, but I don't see those two experiences as that different. Updates and version management/supply chain will inevitably be more of a mess with the library, admittedly.

Now, projects like Next https://nextjs.org/ exist and add what some might regard as the missing pieces and work well if you want something opinionated and with lots of features out of the box, but a lot of those features (like SSR) are actually pretty advanced and not always even necessary.

Next.js: For the website and the admin dashboard

Until the time of writing, there is no official example of how to enable runtime environmental variables in a Dockerized Next.js app, as utilizing unstable_noStore would only dynamically evaluate variables on the server (node.js runtime). There is also an interesting discussion regarding this topic on GitHub.

next.js is a very popular React framework. remix-adonisjs includes more functionality through the AdonisJS backend ecosystem, and should be easier to self-host and self-manage.