next-auth icon indicating copy to clipboard operation
next-auth copied to clipboard

Published 20 hours ago โ€ข verified publisher icon nextauthjs

feat(adapters): Add Supabase adapter

Open msonnberger opened this issue 1 year ago โ€ข 7 comments

โ˜•๏ธ Reasoning

This PR adds an adapter for Supabase.

๐Ÿงข Checklist

  • [x] Documentation
  • [x] Tests
  • [x] Ready to be merged

msonnberger avatar Jul 30 '22 12:07 msonnberger

The latest updates on your projects. Learn more about Vercel for Git โ†—๏ธŽ

Name Status Preview Updated
next-auth โœ… Ready (Inspect) Visit Preview Nov 18, 2022 at 8:02AM (UTC)

vercel[bot] avatar Jul 30 '22 12:07 vercel[bot]

So first of all, thanks for the PR! Especially the thorough docs, readme, pr template update, etc! ๐ŸŽ‰

A few questions though:

  1. This is specifically designed to use just the Supabase hosted Postgres database as an adapter for next-auth, correct? I've skimmed the code and that seems to be the case, but just want to double check with you that this isn't designed to use Supabase auth in any way, correct? Because we had a similar issue/discussion in regard to Firabase with using Firestore as a backend vs Firebase Auth.
  2. The config.toml local Supabase dev config file seems to have a few of the other services still enabled. Can we disable those? i.e. buckets and auth?
  3. The db migrations seem to grant access to all the tables to the anon role. Is that necessary? I'm not super experienced with Postgres/Supabase, but wouldn't that grant public read-only rights to the tables?

Thanks again!

ndom91 avatar Jul 31 '22 15:07 ndom91

Also just fyi in case you didn't see, @balazsorban44 had previously worked on a Supabase adapter (https://github.com/nextauthjs/adapters/pull/188) but the PR was never merged.

ndom91 avatar Jul 31 '22 15:07 ndom91

@ndom91 Thanks for your feedback! Sorry for the delay but here are some answers:

this isn't designed to use Supabase auth in any way, correct? Because we had a similar issue/discussion in regard to Firabase with using Firestore as a backend vs Firebase Auth.

Correct, I've read the discussion and think that @chanceaclark's comment pretty much applies here as well. If you want however, I could take a look at Supabase Auth again and see what's possible/makes sense.

The config.toml local Supabase dev config file seems to have a few of the other services still enabled. Can we disable those?

I've disabled email and Apple auth services now, the others seem to be required by the CLI.

The db migrations seem to grant access to all the tables to the anon role. Is that necessary?

Thanks, I forgot about that. I made some changes and removed access for the anon role.

msonnberger avatar Aug 06 '22 09:08 msonnberger

@ndom91 Thanks for your feedback! Sorry for the delay but here are some answers:

this isn't designed to use Supabase auth in any way, correct? Because we had a similar issue/discussion in regard to Firabase with using Firestore as a backend vs Firebase Auth.

Correct, I've read the discussion and think that @chanceaclark's comment pretty much applies here as well. If you want however, I could take a look at Supabase Auth again and see what's possible/makes sense.

The config.toml local Supabase dev config file seems to have a few of the other services still enabled. Can we disable those?

I've disabled email and Apple auth services now, the others seem to be required by the CLI.

The db migrations seem to grant access to all the tables to the anon role. Is that necessary?

Thanks, I forgot about that. I made some changes and removed access for the anon role.

Hey no worries! So first off, no just using the supabase postgres as an adapter here is perfect! Don't worry about the supabase auth stuff.

Otherwise, thanks for fixing up those other minor comments! I'll take another look at this shortly, but should be more or less good to go then ๐Ÿฅณ

ndom91 avatar Aug 06 '22 10:08 ndom91

Any updates on this one?

kaufmann42 avatar Sep 09 '22 01:09 kaufmann42

@balazsorban44 @ThangHuuVu what do you think? This looks good to go to me :+1:

ndom91 avatar Sep 21 '22 13:09 ndom91

@balazsorban44 @ThangHuuVu Is there any update for that?

woohelps avatar Sep 28 '22 16:09 woohelps

what's the hold up here?

xlrops avatar Sep 29 '22 22:09 xlrops

It would be so nice if this one is getting merged ๐Ÿ’ช

basicsharp avatar Oct 03 '22 02:10 basicsharp

Bumping this PR up. Looks amazing! Chances of getting this in?

iamfeek avatar Oct 03 '22 05:10 iamfeek

Bumping this pr

ahyousif avatar Oct 12 '22 23:10 ahyousif

@lluia @ndom91 @balazsorban44 @ThangHuuVu, Could you guys review this PR and approve it? Thanks!

woohelps avatar Oct 13 '22 22:10 woohelps

Adding another bump. I dearly would like this. Supabase's own auth/helpers are currently in a state of flux, and not very clear to a newb. Any tutorials only seem to deal with half the issue, and the other half don't deal with full auth life cycle. To be able to plonk NextAuth in to have it manage this + still respecting Supabases RLS when interacting with it as the user would be amazing.

liamgsmith avatar Oct 21 '22 22:10 liamgsmith

Bumping this PR up. Looks amazing! cc: @ThangHuuVu @lluia

berik avatar Oct 23 '22 21:10 berik

Any update? Looks good!

fernandops26 avatar Oct 24 '22 06:10 fernandops26

First off thanks @msonnberger for this PR, there's clearly a need for this and sorry that we didn't manage to look into this earlier.

Regarding @liamgsmith comment

To be able to plonk NextAuth in to have it manage this + still respecting Supabases RLS when interacting with it as the user would be amazing.

As far as I understand this PR it would however not work with RLS as it basically just sets up tables in the public schema to manage users, accounts, and sessions for nextauth, correct? E.g. this would be the same as using the Sequelize or Prisma adapters with Postgres but rather than going directly through the database connection it goes through the Supabase Database API (PostgREST).

This means all auth business logic would need to live in your queries and would need to be server-side (e.g. filter data by logged in user's id etc) and you wouldn't be able to use RLS.

Let me chat with the team and see if there would be a way to hook into the relevant auth schema tables to make this work with NextAuth and RLS somehow.

thorwebdev avatar Oct 27 '22 02:10 thorwebdev

That would be awesome thanks @thorwebdev !

liamgsmith avatar Oct 27 '22 05:10 liamgsmith

@thorwebdev is attempting to deploy a commit to the NextAuth Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot] avatar Nov 08 '22 07:11 vercel[bot]

@ndom91 @balazsorban44 I've built on top of @msonnberger awesome work to document how to do RLS with NextAuth & Supabase ๐Ÿฅณ

The main changes:

  • updated to the latest version of supabase-js.
  • Changed to a separate next_auth schema namespace to separate the Auth logic from the public schema.
  • Document how to sign a JWT and append it to the session for usage with Supabase RLS.

Let me know if you have any questions or concerns with any of this!

thorwebdev avatar Nov 08 '22 07:11 thorwebdev

bumping up this pr

1finedev avatar Nov 08 '22 14:11 1finedev

Any recommendation on how to fix the type error when extending the session in the callback? image

thorwebdev avatar Nov 08 '22 16:11 thorwebdev

Any updates?

miguelsotobaez avatar Nov 13 '22 02:11 miguelsotobaez

Could anyone check this PR?

Lucasvo1 avatar Nov 14 '22 08:11 Lucasvo1

The PR has been thoroughly tested and is ready for review and merge ๐Ÿ‘

thorwebdev avatar Nov 15 '22 08:11 thorwebdev

Does this adapter use the default Auth schema of Supabase or does it create a separate schema?

Lucasvo1 avatar Nov 16 '22 10:11 Lucasvo1

Hi @ndom91, apologies, as I'm not sure what the process for having this approved is, but do you know if someone could have a look at this and ok it? I'd love to be able to implement this over the coming weekend.

liamgsmith avatar Nov 16 '22 21:11 liamgsmith

@ThangHuuVu thanks for the review. I went through the prisma schema and the sequelize model (FYI, they aren't identical) but I think I now picked everything from across them. PTAL :)

thorwebdev avatar Nov 18 '22 08:11 thorwebdev