Has anyone used Supabase database with a different Auth provider? How did you manage security rules?
Hey, so I’m using Firebase Auth in an existing application and it’s working wonders. I also plan on integrating other Firebase tools.
Right now Firestore is looking like it won’t meet my needs so I want to use a relational database. Supabase is what I’m looking at now but I’m curious how rules would be managed if I can’t match user IDs. Has anyone gone down this road before and can give me some tips? Thanks!
18 Replies
I wouldn't recommend changing unless there is a specific thing you absolutely need, as you will spend too much time on it. That being said:
https://github.com/supabase/supabase/discussions/391
Ah yes, that would be a lot more work. I guess I’ll get back to optimizing my reads and writes with Firestore. Appreciate you sharing that!
I meant I wouldn't recommend changing to Supabase without Supabase Auth. Changing from Firestore to Supabase database is an entirely different complex question.
I worked hard to stay on Firebase, but Firestore just killed me on anticipated costs for even a 10,000 user app, mainly because of the per-request charges. Also all the hacks to do anything close to a text search on titles.
I was spending all my time fighting with the database based on price point and lack of relational features. I was mainly from a PHP/MySQL background, though, so Firestore was somewhat of a challenge to begin with.
I REALLY want to use Supabase but there are a few things that Firebase handles better. With Supabase:
1. Signing up with an email that already exists doesn’t return an error. I would need to do a check first and throw my own error.
2. Setting up Google and Apple Auth in V2 is a bit of a pain. Couldn’t get it working.
3. Not sure how Firebase does it but with Supabase I need to update my Apple Secret every 6 months.
I was thinking of ditching all the email Auth and going with phone number only to simplify the flow but SMS costs can get pricy lol.
1. Actually Firebase Auth will just log you in and doesn't return an error unless you write your function to. The easy fix for that is to check if the email exists first in your frontend code.
2 & 3. Google Auth is very easy, Apple Auth is a pain on all platforms. I can't speak for changing out the secret, but I imagine that would be up to Apple, not Supabase nor Firebase.
I am a big fan of no passwords personally
I just went with 6 digit OTP signup (mainly because I'm doing a PWA and redirect won't work for that). I just went with a message that says "Note: If you already have an account please login" in the screen that waits for the 6 digit code. I figure the user knows if they have an account and should have used signIn instead of signUp.
Did you go with Twilio, MessageBird, or something else?
No I'm using email/password, but confirm email with 6 digit OTP in the email rather than a redirect link.
Ah I completely forgot about that. I’ll look into that now actually
My target customer base is more professional and all have email, but all may only use specific social media platforms. I could not just support 1 or 2 and would have to still support email, so just doing email is easier to maintain long term. Then using the OTP versus redirect means you never leave the app and I control the page they go to wait for the 6 digit app on signup return, and they will quickly realize if they hit signin or signup by mistake in seeing the OTP input screen and the suggestion hint, which should be rare. But I'm not in production so who knows how reality will work out.
Yeah that makes perfect sense. I wonder if there's a way you can add a check if the email exists already on the signUp method, that way you can hold the email in state and call signIn for them automatically and from a user perspective it's all one auth flow.
Have you by chance set up the Google auth in React/React Native?
All you do is add your key to the Supabase dashboard, then run the signin code. Not much to it - https://supabase.com/docs/guides/auth/auth-google
I'll take a look at it again, thank you. I was using Expo at the time and I believe there was another step to get the auth window up.
I don't think there is sign-in with popup though - https://github.com/supabase/supabase/discussions/4487, just redirects
@garyaustin Ok I think I'm gonna make the switch to Supabase and just use OTP email log in. That way I also don't have to worry about password resets, confirmation links, it will just work. Thank you!
I'm able to do a text search filter on each key entry because in Supabase I can return only the title column and id from the row (instead of the whole "row" in Firestore which can be 1k). So no charge for 25 (page size) reads for each key press and 2% of the data transfer. I could not touch that in Firebase, let alone do a reasonable text search.
Oh yeah that's quite the difference. I also need relational data because with Firebase if a user is in a group and updates their avatar, I need to run a cloud function to update their photo URL or get the list of user docs on each render