Supabase Auth Integration - vm5lab/SaaSKit GitHub Wiki

🔐 Supabase Auth Integration

SaaSKit integrates Supabase Auth to provide a secure, scalable authentication layer with support for email, OAuth providers (e.g. Google, GitHub), and Row Level Security (RLS) enforcement.


🚪 Authentication Flow Overview

  1. User signs in via email or OAuth provider.
  2. Supabase creates a session token (JWT).
  3. Session is stored client-side and accessed server-side via Supabase client.
  4. Server Actions read the current user from the verified session.
  5. Supabase RLS rules enforce access control at the database level.

🛠 Setting Up Supabase Auth

1. Create a Supabase Project

2. Configure Environment Variables

Add the following to your .env.local:

SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=your-anon-key

🧪 Supported Auth Methods

Method                  Supported    Notes
Email Magic Link        ✅           Default and simple to use
OAuth (Google, GitHub)  ✅           Enable via Supabase Auth dashboard
Third-party JWTs        ⚠️ Planned   Extendable for enterprise integrations

To enable OAuth providers:

  1. Go to Supabase dashboard → Authentication → Providers
  2. Enable and configure Google, GitHub, etc.

👥 User Model

The default Supabase Auth table stores users in the auth.users table. You can create a custom User table in your Prisma schema and join it with auth.users using the id.

model User {
  // Must hold the auth.users.id of the Supabase user so the two tables join on it
  id         String  @id @default(uuid())
  email      String  @unique
  role       String  @default("user")
  createdAt  DateTime @default(now())
}

🔄 Session Management

Supabase session management is handled with:

  • lib/supabase.ts: Initializes Supabase client
  • lib/auth.ts: Utility to get the current session and user
  • Server Actions can access getCurrentUser() securely

🛡 Row Level Security (RLS)

To enforce secure access control:

  1. Enable RLS on your tables
  2. Add policies like:

     -- Allow user to read their own data
     -- id is a Prisma String (Postgres text) while auth.uid() returns uuid, so cast for the comparison
     CREATE POLICY "Users can read their own record"
       ON "public"."User"
       FOR SELECT
       USING (auth.uid()::text = id);

  3. Apply similar logic for INSERT, UPDATE, DELETE as needed.
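A complete policy set for the User table, covering step 3 and the admin-role policy mentioned under RBAC. This is an added example, not code from the SaaSKit wiki; it assumes the Prisma model above (id stored as text, role defaulting to "user") and Supabase's built-in authenticated role and auth.jwt() helper.

```sql
-- Prisma-created tables start with RLS disabled; nothing is enforced until this runs.
ALTER TABLE "public"."User" ENABLE ROW LEVEL SECURITY;

-- "id" is a Prisma String (Postgres text) while auth.uid() returns uuid,
-- so every comparison needs the explicit cast.

-- Read: a user sees only their own row.
CREATE POLICY "Users can read their own record"
  ON "public"."User" FOR SELECT
  TO authenticated
  USING (auth.uid()::text = id);

-- Insert: a user may create only their own row, and only with the default role.
-- Without the role check a newly signed-up user could insert role = 'admin'.
CREATE POLICY "Users can insert their own record"
  ON "public"."User" FOR INSERT
  TO authenticated
  WITH CHECK (auth.uid()::text = id AND role = 'user');

-- Update: USING selects the rows a user may target, WITH CHECK validates the new values.
CREATE POLICY "Users can update their own record"
  ON "public"."User" FOR UPDATE
  TO authenticated
  USING (auth.uid()::text = id)
  WITH CHECK (auth.uid()::text = id);

-- Delete: a user may remove only their own row.
CREATE POLICY "Users can delete their own record"
  ON "public"."User" FOR DELETE
  TO authenticated
  USING (auth.uid()::text = id);

-- Stop users promoting themselves via UPDATE: replace the table-level UPDATE grant
-- with a column-level grant that excludes "role". A column REVOKE alone has no
-- effect while the table-level grant exists, hence the REVOKE first.
REVOKE UPDATE ON "public"."User" FROM authenticated;
GRANT UPDATE (email) ON "public"."User" TO authenticated;

-- Admin access: read the role from the JWT's app_metadata, which only the service
-- role / admin API can set. user_metadata is editable by the user, so never use it here.
CREATE POLICY "Admins can read all records"
  ON "public"."User" FOR SELECT
  TO authenticated
  USING ((auth.jwt() -> 'app_metadata' ->> 'role') = 'admin');
```

These policies apply to queries made through the Supabase client with the user's JWT; queries Prisma issues over its direct connection run as the table owner, which bypasses RLS unless FORCE ROW LEVEL SECURITY is set.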

🔒 Role-Based Access Control (RBAC)

Roles can be managed:

  • In your User table (e.g., role: "admin")
  • In your frontend via Middleware (e.g., redirect if not admin)
  • In your RLS policies (e.g., only allow "admin" role to access a table)

🧠 Middleware Example

// middleware.ts
import { NextResponse, type NextRequest } from "next/server"
// Session helper assumed to live in lib/auth.ts (see Session Management)
import { getSessionFromCookie } from "@/lib/auth"

export async function middleware(req: NextRequest) {
  // The helper must return a verified session; never trust raw cookie contents
  const session = await getSessionFromCookie(req)
  if (!session) return NextResponse.redirect(new URL("/auth/login", req.url))

  // Role as carried in the verified session (see RBAC above)
  const role = session.user.role
  if (req.nextUrl.pathname.startsWith("/admin") && role !== "admin") {
    return NextResponse.redirect(new URL("/dashboard", req.url))
  }
  return NextResponse.next()
}

✅ Summary

  • Supabase Auth supports email and OAuth logins
  • Sessions are secure and accessible on both client & server
  • RLS policies ensure users only access their own data
  • Role-based logic can be applied at the frontend or DB level
  • Easy to extend with more providers and custom flows

Next: Learn more about how Server Actions handle secure business logic in SaaSKit.