Supabase Auth: SSO, Mobile, and Server-Side Support

• create-t3-turbo

  5 208 9.4 TypeScript

  Clean and simple starter repo using the T3 Stack along with Expo React Native and Supabase (by supabase-community)

  

thanks for the suggestion. We're working on a full RN example here:

https://github.com/supabase-community/create-t3-turbo

Unfortunately we didn't quite finish it for the launch today, but it will be ready next week and we'll add it to the documentation.

• rls_oso

  1 3 3.9 Rust

  PoC postgres plugin to use oso authorization in row level security policies

> do you have an opinion on which enterprise-grade AuthZ provider works best with Supabase?

Since you asked for my personal opinion, then I would say Postgres Row Level Security for AuthZ. RLS is as powerful as it is flexible. It's fully-integrated with the rest of the Supabase stack, and it's portable if you don't like supabase - just pg_dump and take it to your favourite Postgres provider.

That said, I understand why it's useful to have something more structured like RBAC. We have experimented with a ideas here (specifically ABAC), using a custom libraries/extensions/custom claims[0]. We do something similar internally, but aren't 100% happy with the developer experience and don't plan to release it any time soon.

I'm sure the Auth team won't enjoy me saying this, but I like the idea of Zanzibar. I've seen some experimental Postgres extensions[1] that combine Oso[2] + RLS which I'd love to try when I get time.

[0] custom claims: https://dev.to/supabase/supabase-custom-claims-34l2

[2] Oso + RLS: https://github.com/MFAshby/rls_oso

[1] Oso: https://www.osohq.com/

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• supabase-py

  11 1,425 9.1 Python

  Python Client for Supabase. Query Postgres from Flask, Django, FastAPI. Python user authentication, security policies, edge functions, file storage, and realtime data streaming. Good first issue.

  

This project is very impressive! I do hope Supabase decides to support https://github.com/supabase-community/supabase-py , and not just leave it to the community. I would definitely consider becoming a paid customer, assuming Python was supported well/natively. If I am incorrect about Python support, please do let me know.

• fusionauth-samlv2

  3 5 4.6 Java

  SAML v2.0 bindings in Java using JAXB

  

Disclosure, I work for FusionAuth, which can both integrate with and compete with Supabase.

Welcome, Supabase, to the world of SAML/SSO. It's a hairy one, but single sign-on is undifferentiated and really great for customers, so I'm glad you joined.

A few thoughts:

* Consider adding identity linking to your roadmap. I noticed[0] that you don't support it, and will create duplicate accounts if someone uses SSO with the same email address that an existing account has. As a model, FusionAuth offers seven linking strategies[1]. This flexibility lets you handle more use cases.

* I'd encourage you (and your customers) to test across as many SPs as you can. SAML is an 800+ page specification and even though we've been offering SAML for over 10 years and have open sourced our bindings[2], we still have edge cases that pop up.

* I'd love to add FusionAuth as a SAML SSO provider to your docs, so will put that on our team's doc roadmap and submit a PR. :)

* Not related to SAML, but I'm glad that you are working towards supporting PKCE. I hope you deprecate the implicit grant; the XSS threat is very real and the OAuth 2.1 spec (still in progress) basically deprecates that grant[3] throw omission. Also, we agree that setting cookies (HTTPOnly and secure, please) is a great way to store tokens[4] and that is worth requiring a server side component in applications.

Finally, I understand why this is part of a paid offering; SAML is often used to segment out enterprise customers with $$$. You like to make money, as do we all. But I'd encourage you to think about a free tier because it is so helpful to the user experience. Maybe 1 SAML connection could be part of the base offering?

0: https://supabase.com/docs/guides/platform/sso

1: https://fusionauth.io/docs/v1/tech/identity-providers/#linki...

2: https://github.com/FusionAuth/fusionauth-samlv2/commits/mast...

3: https://oauth.net/2.1/

4: https://fusionauth.io/learn/expert-advice/oauth/oauth-token-...

• supabase-terraform

  2 78 0.0 HCL
  

Actually, we are experimenting with a Terraform provider to manage a project configuration, starting with Auth.

What are some other things you'd like to see in the Terraform provider?

[1]: supabase-terraform (https://github.com/supabase-community/supabase-terraform)

• flutter-chat

  2 49 0.0 Dart

  Simple chat application built with Flutter and Supabase.

  

If you're using Flutter, we do have a chat app example that has a basic email + password login. (https://github.com/supabase-community/flutter-chat)

• schemainspect

  1 48 0.0 Python

  Schema inspection for PostgreSQL (and potentially others).

follow up on the "security invoker" - we've filed a bug report here which you can follow: https://github.com/djrobstep/schemainspect/issues/86

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Suggest a related project