-
create-t3-turbo
Clean and simple starter repo using the T3 Stack along with Expo React Native and Supabase (by supabase-community)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
supabase-py
Python Client for Supabase. Query Postgres from Flask, Django, FastAPI. Python user authentication, security policies, edge functions, file storage, and realtime data streaming. Good first issue.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
thanks for the suggestion. We're working on a full RN example here:
https://github.com/supabase-community/create-t3-turbo
Unfortunately we didn't quite finish it for the launch today, but it will be ready next week and we'll add it to the documentation.
> do you have an opinion on which enterprise-grade AuthZ provider works best with Supabase?
Since you asked for my personal opinion, then I would say Postgres Row Level Security for AuthZ. RLS is as powerful as it is flexible. It's fully-integrated with the rest of the Supabase stack, and it's portable if you don't like supabase - just pg_dump and take it to your favourite Postgres provider.
That said, I understand why it's useful to have something more structured like RBAC. We have experimented with a ideas here (specifically ABAC), using a custom libraries/extensions/custom claims[0]. We do something similar internally, but aren't 100% happy with the developer experience and don't plan to release it any time soon.
I'm sure the Auth team won't enjoy me saying this, but I like the idea of Zanzibar. I've seen some experimental Postgres extensions[1] that combine Oso[2] + RLS which I'd love to try when I get time.
[0] custom claims: https://dev.to/supabase/supabase-custom-claims-34l2
[2] Oso + RLS: https://github.com/MFAshby/rls_oso
[1] Oso: https://www.osohq.com/
This project is very impressive! I do hope Supabase decides to support https://github.com/supabase-community/supabase-py , and not just leave it to the community. I would definitely consider becoming a paid customer, assuming Python was supported well/natively. If I am incorrect about Python support, please do let me know.
Disclosure, I work for FusionAuth, which can both integrate with and compete with Supabase.
Welcome, Supabase, to the world of SAML/SSO. It's a hairy one, but single sign-on is undifferentiated and really great for customers, so I'm glad you joined.
A few thoughts:
* Consider adding identity linking to your roadmap. I noticed[0] that you don't support it, and will create duplicate accounts if someone uses SSO with the same email address that an existing account has. As a model, FusionAuth offers seven linking strategies[1]. This flexibility lets you handle more use cases.
* I'd encourage you (and your customers) to test across as many SPs as you can. SAML is an 800+ page specification and even though we've been offering SAML for over 10 years and have open sourced our bindings[2], we still have edge cases that pop up.
* I'd love to add FusionAuth as a SAML SSO provider to your docs, so will put that on our team's doc roadmap and submit a PR. :)
* Not related to SAML, but I'm glad that you are working towards supporting PKCE. I hope you deprecate the implicit grant; the XSS threat is very real and the OAuth 2.1 spec (still in progress) basically deprecates that grant[3] throw omission. Also, we agree that setting cookies (HTTPOnly and secure, please) is a great way to store tokens[4] and that is worth requiring a server side component in applications.
Finally, I understand why this is part of a paid offering; SAML is often used to segment out enterprise customers with $$$. You like to make money, as do we all. But I'd encourage you to think about a free tier because it is so helpful to the user experience. Maybe 1 SAML connection could be part of the base offering?
0: https://supabase.com/docs/guides/platform/sso
1: https://fusionauth.io/docs/v1/tech/identity-providers/#linki...
2: https://github.com/FusionAuth/fusionauth-samlv2/commits/mast...
3: https://oauth.net/2.1/
4: https://fusionauth.io/learn/expert-advice/oauth/oauth-token-...
Actually, we are experimenting with a Terraform provider to manage a project configuration, starting with Auth.
What are some other things you'd like to see in the Terraform provider?
[1]: supabase-terraform (https://github.com/supabase-community/supabase-terraform)
If you're using Flutter, we do have a chat app example that has a basic email + password login. (https://github.com/supabase-community/flutter-chat)
follow up on the "security invoker" - we've filed a bug report here which you can follow: https://github.com/djrobstep/schemainspect/issues/86
Related posts
-
Request For Information: What are you using Supabase for? ยท Issue #424 ยท supabase-community/supabase-py
-
Hey #Python fam ๐ Please help us out with this one ๐
-
Supabase Storage v3: Resumable Uploads with support for 50GB files
-
supabase-py: a client for Supabase (Postgres-as-a-Service)
-
how to extend supabase with python flask server using token authentication?