Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add third-party auth support #1004

Merged
merged 1 commit into from
Jul 29, 2024
Merged

feat: add third-party auth support #1004

merged 1 commit into from
Jul 29, 2024

Conversation

hf
Copy link
Contributor

@hf hf commented Apr 1, 2024

Adds support for the accessToken option on the Supabase client which can be used to provide a third-party authentication (e.g. Auth0, Clerk, Firebase Auth, ...) access token or ID token to be used instead of Supabase Auth.

When set, supabase.auth.xyz cannot be used and an error will be thrown.

@coveralls
Copy link

coveralls commented Apr 1, 2024
edited
Loading

Pull Request Test Coverage Report for Build 10130650437

Details

  • 12 of 15 (80.0%) changed or added relevant lines in 2 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage increased (+1.1%) to 66.038%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/lib/helpers.ts 5 6 83.33%
src/SupabaseClient.ts 7 9 77.78%
Files with Coverage Reduction New Missed Lines %
src/SupabaseClient.ts 1 64.35%
Totals Coverage Status
Change from base Build 9934309018: 1.1%
Covered Lines: 99
Relevant Lines: 129
💛 - Coveralls

@j4w8n
Copy link
Contributor

j4w8n commented Apr 10, 2024
edited
Loading

Correct me if I'm wrong, but couldn't this also be used to authenticate supabase clients, for RLS, during API requests? This assumes a Supabase JWT is being used as the API key.

So instead of adding the JWT to the global header, you'd use accessToken, because I believe supabase-js will use this for db fetch requests.

/* Some API endpoint that your user hits. */
const jwt = 'get-from-request-authorization-header'

const supabase = createClient(
  env.SUPABASE_URL, 
  env.SUPABASE_ANON_KEY, {
+ accessToken: async () => { return `${jwt}` }
- global: {
-   headers: {
-     Authorization: `Bearer ${jwt}`
-   }
- },
- auth: {
-   persistSession: false,
-   detectSessionInUrl: false,
-   autoRefreshToken: false
- }
})

const { data, error } = await supabase.from('table').select('column')

@j4w8n j4w8n mentioned this pull request May 26, 2024
Open
@hf
Copy link
Contributor Author

hf commented Jun 17, 2024

Correct me if I'm wrong, but couldn't this also be used to authenticate supabase clients, for RLS, during API requests? This assumes a Supabase JWT is being used as the API key.

So instead of adding the JWT to the global header, you'd use accessToken, because I believe supabase-js will use this for db fetch requests.

Absolutely. No more needing to patch the global option thing.

@hf hf force-pushed the hf/add-third-party-auth-support branch from 10170f4 to c6fbbd1 Compare June 17, 2024 11:38
@grdsdev grdsdev mentioned this pull request Jun 17, 2024
Merged
@j4w8n j4w8n mentioned this pull request Jun 19, 2024
Open
kangmingtay
kangmingtay reviewed Jun 24, 2024
View reviewed changes
src/SupabaseClient.ts Outdated
Comment on lines 106 to 116
this.accessToken = settings.accessToken

this.auth = new Proxy<SupabaseAuthClient>({} as any, {
get: (prop) => {
throw new Error(
`@supabase/supabase-js: Supabase Client is configured with the accessToken option, accessing supabase.auth.${prop} is not possible`
)
},
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hf why would we not want folks to access this if the access token is set?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it because we want to prevent supabase auth from overriding the access token set?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it is because this overrides any Supabase Auth access token, so using supabase.auth.,,, makes no more sense, and this prevents that confusion for now.

What access token will storage receive? Not Supabase Auth's.

@hf hf force-pushed the hf/add-third-party-auth-support branch from c6fbbd1 to fd66b1a Compare July 28, 2024 09:17
@hf hf force-pushed the hf/add-third-party-auth-support branch from fd66b1a to 7b4c23f Compare July 28, 2024 09:31
@hf hf merged commit fa97643 into master Jul 29, 2024
1 check passed
@hf hf deleted the hf/add-third-party-auth-support branch July 29, 2024 06:27
@dshukertjr dshukertjr mentioned this pull request Aug 7, 2024
Merged
@jan-tennert jan-tennert mentioned this pull request Aug 12, 2024
Merged
@silentworks silentworks mentioned this pull request Aug 21, 2024
Draft
@In0ri In0ri mentioned this pull request Sep 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kangmingtay kangmingtay kangmingtay left review comments

@J0 J0 J0 approved these changes

@mansmahamat mansmahamat mansmahamat approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@hf @coveralls @j4w8n @J0 @kangmingtay @mansmahamat