mirror of
https://github.com/supabase/supabase.git
synced 2026-07-06 19:44:24 +08:00
Begin the process of moving our MDX files into their own content directory. Fixed a few minor bugs re: ToC and tabs not rerendering consistently on page navigation. (The ToC thing wasn't a problem before the refactor, the tabs thing is a problem on prod.) Moved MDX files can't import their own components, so everything they require needs to be back in the component prop for mdx-remote's serializer. Cleaned this up a bit and lazy-loaded heavy/rare stuff. Also, the component prop doesn't take arbitrary objects (only actual components), so imported data has to be wrapped in a component.
149 lines
5.6 KiB
Plaintext
149 lines
5.6 KiB
Plaintext
---
|
|
id: 'auth'
|
|
title: 'Auth'
|
|
description: 'Use Supabase to Authenticate and Authorize your users.'
|
|
subtitle: 'Use Supabase to authenticate and authorize your users.'
|
|
video: 'https://www.youtube.com/v/6ow_jW4epf8'
|
|
---
|
|
|
|
There are two parts to every Auth system:
|
|
|
|
- **Authentication:** should this person be allowed in? If yes, who are they?
|
|
- **Authorization:** once they are in, what are they allowed to do?
|
|
|
|
Supabase Auth is designed to work either as a standalone product, or deeply integrated with the other Supabase products.
|
|
Postgres is at the heart of everything we do, and the Auth system follows this principle. We leverage Postgres' built-in Auth functionality wherever possible.
|
|
|
|
Here's a quick, 2 minute tour of the Auth features built-in to Supabase:
|
|
|
|
<div className="video-container">
|
|
<iframe
|
|
src="https://www.youtube-nocookie.com/embed/6ow_jW4epf8"
|
|
frameBorder="1"
|
|
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
|
|
allowFullScreen
|
|
></iframe>
|
|
</div>
|
|
|
|
## Authentication
|
|
|
|
You can authenticate your users in several ways:
|
|
|
|
- Password-based methods such as email or phone and password
|
|
- Passwordless methods such as sending a magiclink or one-time password (OTP)
|
|
- OAuth social providers
|
|
- SAML SSO
|
|
|
|
### Providers
|
|
|
|
We provide a suite of Providers and login methods, as well as [Auth helpers](/docs/guides/auth/auth-helpers/).
|
|
|
|
#### Social Auth
|
|
|
|
<div className="container" style={{ padding: 0 }}>
|
|
<AuthProviders type="social" />
|
|
</div>
|
|
|
|
#### Phone Auth
|
|
|
|
<div className="container" style={{ padding: 0 }}>
|
|
<AuthProviders type="phone" />
|
|
</div>
|
|
|
|
### Configure third-party providers
|
|
|
|
You can enable third-party providers with the click of a button by navigating to Authentication > Providers > Auth Providers and inputting your `Client ID` and `Secret` for each.
|
|
|
|

|
|
|
|
### Redirect URLs and wildcards
|
|
|
|
We've moved the guide for setting up redirect URLs [here](/docs/guides/auth/concepts/redirect-urls).
|
|
|
|
#### [Netlify preview URLs](/docs/guides/auth/concepts/redirect-urls#netlify-preview-urls)
|
|
|
|
#### [Vercel preview URLs](/docs/guides/auth/concepts/redirect-urls#vercel-preview-urls)
|
|
|
|
#### [Mobile deep linking URIs](/docs/guides/auth/concepts/redirect-urls#mobile-deep-linking-uris)
|
|
|
|
## Authorization
|
|
|
|
When you need granular authorization rules, nothing beats PostgreSQL's Row Level Security (RLS).
|
|
|
|
Policies are PostgreSQL's rule engine. They are incredibly powerful and flexible, allowing you to write complex SQL rules which fit your unique business needs.
|
|
|
|
Get started with our [Row Level Security Guides](/docs/guides/auth/row-level-security).
|
|
|
|
### Row Level Security
|
|
|
|
Authentication only gets you so far. When you need granular authorization rules, nothing beats PostgreSQL's [Row Level Security (RLS)](https://www.postgresql.org/docs/current/ddl-rowsecurity.html). Supabase makes it simple to turn RLS on and off.
|
|
|
|
<video width="99%" muted playsInline controls={true}>
|
|
<source
|
|
src="https://xguihxuzqibwxjnimxev.supabase.co/storage/v1/object/public/videos/docs/rls-zoom2.mp4"
|
|
type="video/mp4"
|
|
/>
|
|
</video>
|
|
|
|
### Policies
|
|
|
|
[Policies](https://www.postgresql.org/docs/current/sql-createpolicy.html) are PostgreSQL's rule engine. They are incredibly powerful and flexible, allowing you to write complex SQL rules which fit your unique business needs.
|
|
|
|
<video width="99%" muted playsInline controls={true}>
|
|
<source
|
|
src="https://xguihxuzqibwxjnimxev.supabase.co/storage/v1/object/public/videos/docs/policies-zoom2.mp4"
|
|
type="video/mp4"
|
|
/>
|
|
</video>
|
|
|
|
With policies, your database becomes the rules engine. Instead of repetitively filtering your queries, like this ...
|
|
|
|
```js
|
|
const loggedInUserId = 'd0714948'
|
|
const { data, error } = await supabase
|
|
.from('users')
|
|
.select('user_id, name')
|
|
.eq('user_id', loggedInUserId)
|
|
|
|
// console.log(data)
|
|
// => { id: 'd0714948', name: 'Jane' }
|
|
```
|
|
|
|
... you can simply define a rule on your database table, `auth.uid() = user_id`, and your request will return the rows which pass the rule, even when you remove the filter from your middleware:
|
|
|
|
```js
|
|
const { data, error } = await supabase.from('users').select('user_id, name')
|
|
|
|
// console.log(data)
|
|
// Still => { id: 'd0714948', name: 'Jane' }
|
|
```
|
|
|
|
### How it works
|
|
|
|
1. A user signs up. Supabase creates a new user in the `auth.users` table.
|
|
2. Supabase returns a new JWT, which contains the user's `UUID`.
|
|
3. Every request to your database also sends the JWT.
|
|
4. Postgres inspects the JWT to determine the user making the request.
|
|
5. The user's UID can be used in policies to restrict access to rows.
|
|
|
|
Supabase provides a special function in Postgres, `auth.uid()`, which extracts the user's UID from the JWT. This is especially useful when creating policies.
|
|
|
|
## User management
|
|
|
|
Supabase provides multiple endpoints to authenticate and manage your users:
|
|
|
|
- [Sign up](/docs/reference/javascript/auth-signup)
|
|
- [Sign in with password](/docs/reference/javascript/auth-signinwithpassword)
|
|
- [Sign in with passwordless / one-time password (OTP)](/docs/reference/javascript/auth-signinwithotp)
|
|
- [Sign in with OAuth](/docs/reference/javascript/auth-signinwithoauth)
|
|
- [Sign out](/docs/reference/javascript/auth-signout)
|
|
|
|
When users sign up, Supabase assigns them a unique ID. You can reference this ID anywhere in your database. For example, you might create a `profiles` table referencing `id` in the `auth.users` table using a `user_id` field.
|
|
|
|
<video width="99%" muted playsInline controls={true}>
|
|
<source
|
|
src="https://xguihxuzqibwxjnimxev.supabase.co/storage/v1/object/public/videos/docs/auth-zoom2.mp4"
|
|
type="video/mp4"
|
|
/>
|
|
</video>
|