Supabase Auth

08-05-2020

4 minute read

Supabase is an open source Firebase alternative. We are building the features of Firebase using scalable, open source products.

Two months ago a developer discovered Supabase and (unexpectedly) launched us on Hacker News. Although we had completed only 3 months of development the community support was both incredible and humbling.

Developers were obviously excited about the prospect of an open source Firebase alternative, but the comments were dominated by one emphatic feature request: Auth.

" Just FYI, making a good auth solution in Supabase will instantly make me a customer. "
@pdimitar

" For me the MVP, before I could use it for my commercial projects, would be: DB+auth. At that point, I could switch - and probably would. "
@julianeon

" This looks great, however at first peek it doesn't mention anything about auth. Do you have any plans for that? For me this is the topic I most want to just delegate to the service. "
@2mol

So we got to work, and today we're ecstatic to launch Supabase Auth. Let's dig into some of the features of the Auth system.

Supabase Auth

Supabase Auth provides all the backend services you need to authenticate and authorize your users.

User management

Supabase makes it simple to onboard your users with our new supabase.auth.signUp() and supabase.auth.signIn() functions.

Row Level Security

Authentication only gets you so far. When you need granular authorization rules, nothing beats PostgreSQL's Row Level Security. Supabase makes it simple to turn RLS on and off.

Policies

Policies are PostgreSQL's rule engine. They are incredibly powerful and flexible, allowing you to write complex SQL rules which fit your unique business needs.

With policies, your database becomes the rules engine. Instead of repetitively filtering your queries, like this ...


_10
const loggedInUserId = 'd0714948'
_10
let user = await supabase.from('users').select('user_id, name').eq('user_id', loggedInUserId)\n
_10
// Returns { id: 'd0714948', name: 'Jane'

... you can simply define a rule on your database table, (select auth.uid()) = user_id, and your request will return the rows which pass the rule, even when you remove the filter from your middleware:


_10
let user = await supabase.from('users').select('user_id, name')\n
_10
// Still returns { id: 'd0714948', name: 'Jane' }

Open source

Building an open source Firebase alternative is difficult task, made possible by an amazing suite of OSS tools that have forged the way for Supabase. We spent many weeks building Auth POC's with existing OSS tools. Notable mentions go to RedHat's KeyCloak, and Ory's Kratos.

Ultimately we landed on a system which utilises three amazing open source products:

  • Authorization: PostgreSQL and PostgREST.
  • Authentication: Netlify's GoTrue server, which we forked and will continue to contribute to.

Next steps

Supabase has a culture of shipping early and often. Our Auth release is another example of this, and we still have a lot of work to do. Next month we have more Auth features planned, including custom email templates and 3rd-party OAuth providers. We also plan to simplify the Policy interface, enabling non-technical users to get started with one of PostgreSQL's best features.

Get started

Supabase Auth is ready for you to start using today, free of charge: supabase.com/dashboard

To see the full power of our auth system, watch this demo where I deploy a secure, real-time slack clone to Vercel in less than 3 minutes.

Share this article

Build in a weekend, scale to millions