Supabase Auth provides a comprehensive, PostgreSQL-based authentication and authorization service with multiple user sign-in options and granular access control through Row Level Security.
Supabase offers several approaches to user authentication. Users can sign in using traditional password-based methods with email or phone credentials, or they can opt for passwordless logins via magic links or OTPs. Supabase also supports SAML SSO and OAuth social providers such as Google, Facebook, GitHub, Slack, and Spotify.
Third-party providers are configured through Supabase’s user-friendly interface, where you enter the Client ID and Secret for each service you enable. Supabase also covers the setup of redirect URLs, including those needed for Netlify and Vercel preview URLs as well as mobile deep linking URIs.
Beyond authentication, Supabase enables complex authorization rules with PostgreSQL's Row Level Security (RLS). RLS and policies empower developers to create sophisticated and precise access control directly within the database. This negates the need for repetitive query filtering in code, as rules set in the database enforce access restrictions efficiently.
Supabase provides several endpoints that simplify user management, from sign-ups to sign-outs. When users register, they receive a unique ID that can be referenced throughout the database, such as in a profiles table. Supabase generates a JWT for each user, and PostgreSQL uses that JWT to check access permissions against RLS policies.
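The profiles-table pattern described above, as an added example that is not Supabase's own code: the table name public.profiles, its columns, and the policy names are assumptions, while auth.users, auth.uid() and the authenticated role are provided by Supabase. The final query is a check that lists tables in the public schema that still have RLS disabled.

```sql
-- Hypothetical profiles table keyed by the user ID that Supabase Auth issues.
create table public.profiles (
  id           uuid primary key references auth.users (id) on delete cascade,
  display_name text,
  updated_at   timestamptz not null default now()
);

-- Once RLS is enabled, a role gets no rows unless a policy grants them.
-- The table owner (unless FORCE ROW LEVEL SECURITY is set) and roles with
-- BYPASSRLS are not subject to these policies.
alter table public.profiles enable row level security;

-- auth.uid() returns the user ID carried in the request's JWT.
-- Each policy compares it to the row's id, so no filtering is needed in app code.
create policy "profiles_select_own"
  on public.profiles for select
  to authenticated
  using ((select auth.uid()) = id);

create policy "profiles_insert_own"
  on public.profiles for insert
  to authenticated
  with check ((select auth.uid()) = id);

-- USING limits which rows may be updated; WITH CHECK stops a user from
-- rewriting id so that the row would belong to someone else.
create policy "profiles_update_own"
  on public.profiles for update
  to authenticated
  using ((select auth.uid()) = id)
  with check ((select auth.uid()) = id);

-- Audit check: ordinary tables in the public schema with RLS still disabled.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity
order by c.relname;
```

No delete policy is defined, so the authenticated role cannot delete rows from this table; removal happens only through the cascade from auth.users.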