Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add third-party auth support #1004

Merged
merged 1 commit into from
Jul 29, 2024
Merged

Conversation

hf
Copy link
Contributor

@hf hf commented Apr 1, 2024

Adds support for the accessToken option on the Supabase client which can be used to provide a third-party authentication (e.g. Auth0, Clerk, Firebase Auth, ...) access token or ID token to be used instead of Supabase Auth.

When set, supabase.auth.xyz cannot be used and an error will be thrown.

@coveralls
Copy link

coveralls commented Apr 1, 2024

Pull Request Test Coverage Report for Build 10130650437

Details

  • 12 of 15 (80.0%) changed or added relevant lines in 2 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage increased (+1.1%) to 66.038%

Changes Missing Coverage Covered Lines Changed/Added Lines %
src/lib/helpers.ts 5 6 83.33%
src/SupabaseClient.ts 7 9 77.78%
Files with Coverage Reduction New Missed Lines %
src/SupabaseClient.ts 1 64.35%
Totals Coverage Status
Change from base Build 9934309018: 1.1%
Covered Lines: 99
Relevant Lines: 129

💛 - Coveralls

@j4w8n
Copy link
Contributor

j4w8n commented Apr 10, 2024

Correct me if I'm wrong, but couldn't this also be used to authenticate supabase clients, for RLS, during API requests? This assumes a Supabase JWT is being used as the API key.

So instead of adding the JWT to the global header, you'd use accessToken, because I believe supabase-js will use this for db fetch requests.

/* Some API endpoint that your user hits. */
const jwt = 'get-from-request-authorization-header'

const supabase = createClient(
  env.SUPABASE_URL, 
  env.SUPABASE_ANON_KEY, {
+ accessToken: async () => { return `${jwt}` }
- global: {
-   headers: {
-     Authorization: `Bearer ${jwt}`
-   }
- },
- auth: {
-   persistSession: false,
-   detectSessionInUrl: false,
-   autoRefreshToken: false
- }
})

const { data, error } = await supabase.from('table').select('column')

@hf
Copy link
Contributor Author

hf commented Jun 17, 2024

Correct me if I'm wrong, but couldn't this also be used to authenticate supabase clients, for RLS, during API requests? This assumes a Supabase JWT is being used as the API key.

So instead of adding the JWT to the global header, you'd use accessToken, because I believe supabase-js will use this for db fetch requests.

Absolutely. No more needing to patch the global option thing.

@hf hf force-pushed the hf/add-third-party-auth-support branch from 10170f4 to c6fbbd1 Compare June 17, 2024 11:38
Comment on lines 106 to 116
this.accessToken = settings.accessToken

this.auth = new Proxy<SupabaseAuthClient>({} as any, {
get: (prop) => {
throw new Error(
`@supabase/supabase-js: Supabase Client is configured with the accessToken option, accessing supabase.auth.${prop} is not possible`
)
},
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hf why would we not want folks to access this if the access token is set?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it because we want to prevent supabase auth from overriding the access token set?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it is because this overrides any Supabase Auth access token, so using supabase.auth.,,, makes no more sense, and this prevents that confusion for now.

What access token will storage receive? Not Supabase Auth's.

@hf hf force-pushed the hf/add-third-party-auth-support branch from c6fbbd1 to fd66b1a Compare July 28, 2024 09:17
@hf hf force-pushed the hf/add-third-party-auth-support branch from fd66b1a to 7b4c23f Compare July 28, 2024 09:31
@hf hf merged commit fa97643 into master Jul 29, 2024
1 check passed
@hf hf deleted the hf/add-third-party-auth-support branch July 29, 2024 06:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants