mirror of
https://github.com/supabase/supabase.git
synced 2026-07-04 18:34:26 +08:00
119 lines
4.3 KiB
Plaintext
119 lines
4.3 KiB
Plaintext
---
|
|
title: 'Auth'
|
|
description: 'Supabase auth'
|
|
---
|
|
|
|
# Auth
|
|
|
|
<iframe
|
|
width="560"
|
|
height="315"
|
|
src="https://www.youtube.com/embed/6ow_jW4epf8"
|
|
title="YouTube video player"
|
|
frameborder="0"
|
|
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
|
|
allowfullscreen
|
|
></iframe>
|
|
|
|
## User Management
|
|
|
|
Supabase makes it simple to manage your users.
|
|
|
|
<video width="99%" playsinline controls>
|
|
<source src="/docs/videos/auth-zoom2.mp4" type="video/mp4" playsInline />
|
|
</video>
|
|
|
|
When users sign up, Supabase assigns them a unique ID. You can reference this ID anywhere in your database. For example, you might create a '`profiles`' table referencing id in the `auth.users` table using a `user_id` field.
|
|
|
|
Supabase provides the routes to [sign up](https://supabase.com/docs/reference/javascript/auth-signup), [log in](https://supabase.com/docs/reference/javascript/auth-signin), [log out](https://supabase.com/docs/reference/javascript/auth-signout), and manage users in your apps and websites.
|
|
|
|
## Third Party Logins
|
|
|
|
We currently support the following OAuth providers:
|
|
|
|
<AuthProviders />
|
|
|
|
You can enable providers by navigating to Authentication > Settings > External OAuth Providers and inputting your `Client ID` and `Secret` for each.
|
|
|
|
<img src="https://supabase.com/docs/assets/images/supabase-oauth-logins-465421be6d56c5d1bedf19df6786c520.png" />
|
|
|
|
## Row Level Security
|
|
|
|
Authentication only gets you so far. When you need granular authorization rules, nothing beats PostgreSQL's [Row Level Security (RLS)](https://www.postgresql.org/docs/current/ddl-rowsecurity.html). Supabase makes it simple to turn RLS on and off.
|
|
|
|
<video width="99%" playsinline controls>
|
|
<source src="/docs/videos/rls-zoom2.mp4" type="video/mp4" playsInline />
|
|
</video>
|
|
|
|
## Policies
|
|
|
|
[Policies](https://www.postgresql.org/docs/current/sql-createpolicy.html) are PostgreSQL's rule engine. They are incredibly powerful and flexible, allowing you to write complex SQL rules which fit your unique business needs.
|
|
|
|
<video width="99%" playsinline controls>
|
|
<source src="/docs/videos/policies-zoom2.mp4" type="video/mp4" playsInline />
|
|
</video>
|
|
|
|
With policies, your database becomes the rules engine. Instead of repetitively filtering your queries, like this...
|
|
|
|
```Javascript
|
|
const loggedInUserId = 'd0714948'
|
|
let { data, error } = await supabase
|
|
.from('users')
|
|
.select('user_id, name')
|
|
.eq('user_id', loggedInUserId)
|
|
|
|
// console.log(data)
|
|
// => { id: 'd0714948', name: 'Jane' }
|
|
```
|
|
|
|
... you can simply define a rule on your database table, `auth.uid() = user_id`, and your request will return the rows which pass the rule, even when you remove the filter from your middleware:
|
|
|
|
```Javascript
|
|
let user = await supabase.from('users').select('user_id, name')
|
|
|
|
// console.log(data)
|
|
// Still => { id: 'd0714948', name: 'Jane' }
|
|
```
|
|
|
|
## How It Works
|
|
|
|
1. A user signs up. Supabase creates a new user in the `auth.users` table.
|
|
2. Supabase returns a new JWT, which contains the user's `UUID`.
|
|
3. Every request to your database also sends the JWT.
|
|
4. Postgres inspects the JWT to determine the user making the request.
|
|
5. The user's UID can be used in policies to restrict access to rows.
|
|
|
|
Supabase provides a special function in Postgres, `auth.uid()`, which extracts the user's UID from the JWT. This is especially useful when creating policies.
|
|
|
|
## Tips
|
|
|
|
**Enable Realtime for database tables**
|
|
|
|
Realtime server broadcasts database changes to authorized users depending on your Row Level Security (RLS) policies. We recommend that you enable row level security and set row security policies on tables that you add to the publication. However, you may choose to disable RLS on a table and have changes broadcast to all connected clients.
|
|
|
|
```sql
|
|
/**
|
|
* REALTIME SUBSCRIPTIONS
|
|
* Realtime enables listening to any table in your public schema.
|
|
*/
|
|
|
|
begin;
|
|
-- remove the realtime publication
|
|
drop publication if exists supabase_realtime;
|
|
|
|
-- re-create the publication but don't enable it for any tables
|
|
create publication supabase_realtime;
|
|
commit;
|
|
|
|
-- add a table to the publication
|
|
alter publication supabase_realtime add table products;
|
|
|
|
-- add other tables to the publication
|
|
alter publication supabase_realtime add table posts;
|
|
```
|
|
|
|
## Next Steps
|
|
|
|
- Read more about Auth in the [Guides](https://supabase.com/docs/guides/auth/intro).
|
|
- Sign in: [app.supabase.com](https://app.supabase.com/)
|