supabase-js VS auth

[Edge Functions] Custom domains and vanity domains support for Edge Functions. PR

First of all, the code you provided is not directly supabase, but is whatever is provided from the javascript library. The auth part is then redirecting to the gotrue-js library, and as seen here [Gotrue-JS#L238] it returns a `Promise` and that specific type is declared here Where we see it could be two return types. ```ts | { data: { user: User | null session: Session | null } error: null } | { data: { user: null session: null } error: AuthError }

Next up, Supabase released v2 of their JavaScript client library (supabase-js), which brought with it a number of developer experience type improvements, and streamlined how we use some of the API's. A number of methods were also deprecated in this new release, which we'll cover later in this guide.

We install the Supabase client library and also Chakra-UI which we will be using to build our React components.

The last part is the easiest as we simply need to connect Supabase to our Ionic app and call one function. Get started by bringing up a new Ionic app and install the Supabase JS client:

Under src/lib I have a .ts file where I create a supabase client inside.

First and foremost, the language and framework – Typescript & React. Typescript is a must for a project of this size. It provides safety and peace of mind as I iterate quickly to solve bugs and add new features. React is a by-product of the next two things I will mention, Next and Remix. Both of these are higher abstractions on top of React and supply incredible tooling to build fast server side rendered applications. Picking one or the other was driven by my database and auth provider, Supabase. I could have tried to make it work with Remix, but there was already an authentication helper for Next from the Supabase community so I decided on Next. Still using Remix for this current website since I do love Remix so much.

Have a look at https://postgrest.org/en/stable/. They do something in this direction and e.g. supabase.io uses them. Their approach is, if you have a database you have a REST API.

Supabase Auth now supports anonymous sign-ins, one of our most-requested features by the community.

People keep writing this, doesn't Supabase rely on spinning up additional services to leave, meaning you can't leave to another managed offering?

Off the top of my mind, PostgREST and go-true? https://github.com/supabase/auth

-

If you use Postgres you're "locked" into Postgres: a technology with a laundry list of providers.

If you leave Supabase, you'll lose the fully managed aspect of 99% of the Postgres providers out there, which confirms the pain the parent comment is describing.

> Microsoft scans to check the website contains malware. IMHO the security blunder is a self-implemented magic link.

It's not self-implemented, you can check it out here: https://github.com/supabase/gotrue

> Not password protected if the password is part of the URL.

It's a token that's valid for a couple of minutes – just like a password reset token. Indeed, in the given implementation, it's the very same as the password reset token. If you consider this implementation as "not password protected", any website with a password reset functionality is "not password protected".

I hate to be this guy, really. I would like to adopt Supabase in company, but I cannot yet.

I commented on a HN post almost a year ago about how hard is to do custom Auth with Supabase. I still haven't find a good solution about it. For example, LDAP Auth is quite crucial in most enterprise settings, yet I have no idea how to do it with Supabase. I can find a workaround for PostgREST by putting a secondary API written in some other language and fiddling with reverse proxies. But how to do with Supabase, such that all other services (realtime,...) works nicely? Is it so hard to provide a function that accept a custom strategy given the HTTP request data?

I created an issue[0] almost a year ago on Supabase, which was transferred to Gotrue. I even provided some code examples from Laravel. Even if it is not specifically for LDAP, make some API available to do so, please.

[0] https://github.com/supabase/gotrue/issues/904

Yes there is, it's just not pretty yet: https://github.com/supabase/gotrue/blob/master/openapi.yaml

The gotrue api: https://github.com/supabase/gotrue

Validation happen inside of the GoTrue: https://github.com/supabase/gotrue... but you don't need it on your own, non supabase, server side resources... that's the beauty of JWT. You can validate JWT in any back-end / language, by simply checking the signature against HS256 key.

Supabase use gotrue for Auth, you can poke around in the code & read more about it here: https://github.com/supabase/gotrue