Files
supabase/examples/remix-auth
dependabot[bot] 8cb1352cf1 chore(deps): bump minimist from 1.2.5 to 1.2.6 in /examples/remix-auth
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-06 06:17:58 +00:00
..
2022-01-12 16:08:05 +01:00
2022-01-12 19:03:06 +01:00
2022-01-12 19:03:06 +01:00

Remix Auth - Supabase Strategy with redirectTo

Authentication using signInWithEmail handling redirectTo.

Setup

  1. Copy .env.example to create a new file .env:
cp .env.example .env
  1. Go to https://app.supabase.io/project/{PROJECT}/api?page=auth to find your secrets
  2. Add your SUPABASE_URL and SUPABASE_SERVICE_ROLE in .env
SUPABASE_SERVICE_KEY="{SERVICE_KEY}"
SUPABASE_URL="https://{YOUR_INSTANCE_NAME}.supabase.co"

Using the Remix Auth & SupabaseStrategy 🚀

SupabaseStrategy provides checkSession working like Remix Auth isAuthenticated but handles token refresh

You must use checkSession instead of isAuthenticated

Example

This is using Remix Auth, remix-auth-supabase and supabase-js packages.

Thanks to Remix, we can securely use server only authentication with supabase.auth.api.signInWithEmail

This function should only be called on a server (loader or action functions).

⚠️ Never expose your service_role key in the browser

The /login route renders a form with a email and password input. After a submit it runs some validations and store user object, access_token and refresh_token in the session.

The /private routes redirects the user to /login if it's not logged-in, or shows the user email and a logout form if it's logged-in.

The /private/profile routes redirects the user to /login?redirectTo=/private/profile if it's not logged-in, or shows the user email and a logout form if it's logged-in.

If the user go to /private/profile and is not logged-in, it'll be redirected here after login success.

Handle refreshing of tokens (if expired) or redirects to /login if it fails

More use cases can be found on Remix Auth Supabase - Use cases