SaaS multi-tenancy with separate authentication and user management for each tenant
I want to build a SaaS for business owners to customize prebuilt mobile apps and deploy them. I am not sure how I can have authentication for each mobile app and keep users for each app separate, since each business will have their own users. Ideally I have a Supabase project for each app, but I have heard that is inefficient and I want to be able to scale this. Any feedback would be greatly appreciated.
7 Replies
Each app is likely to have different back-end needs (tables, triggers, etc.). Probably best to make template databases for the pre-built apps and then migrate the changes into new Supabase projects for each app signed up.
I'm making an order-ahead application which has the exact same back-end functions; the only difference is identifying which store/user to reference in the API calls, and I don't want the sign-up for the actual app users to sign them up for every app using the backend/database, only the one they want. Is something like this possible?
So each store will have their own customized app where they change colors/theme and stuff, and then once it's published a user can sign up for it.
Almost anything is possible as it is just a database. But how hard is a different issue. Having users in organizations/companies/teams can be done with tables identifying the user's roles. This can also be done for a limited number of things in the JWT itself as a custom claim.
Where things start getting difficult is if a user can be part of multiple things. You can only have one user email in the system, so if a customer goes to two sites you have to deal with all of that in the tables/claims. You can't just have the auth signup code in your company app code, as it would try to create a user that already exists if they join for another company.
All of that would rely on RLS to sort what info the roles and users have access to by looking at their claim or joining the company/role table in the policy.
That's specifically what I want to avoid: when one user has an account and tries to make another for a separate app. Ideally it would be nice to automatically create a project and each uses their own separate database, but that will probably be very costly hosting-wise?
I don't know what costly is to you and how heavy your load is. A Supabase instance's lowest cost after the first one at $25 is $10 each for just compute. They all share egress and database storage, so cost would go up as that increases, but I would expect you would encounter the egress and database size extra costs even with 1 instance being shared.
So what you’re saying is I could have multiple or all on one, it’s still going to cost the same? If that’s the case, what would you recommend I try to do for authentication for each app?
Each approach has advantages and tradeoffs. More to manage if you go with separate projects, but less complexity. Each customer could potentially take the project with them or have their own domain also. If you change your schema you have to migrate it to every database.
Sharing a user table means having to have other tables to manage which businesses they are associated with and more complex on RLS. All companies would likely need to stay very similar in the schemas as they are shared.
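
The shared-project approach described in the replies above (one user table, a table tying users to businesses, RLS policies that join it), sketched as an added example that is not from any participant in the thread. It assumes a Supabase/Postgres project where `auth.uid()` and `auth.users` are available; the `stores`, `store_members` and `orders` tables and all policy names are hypothetical.

```sql
-- Constructed schema: every table, column and policy name here is an assumption.
create table public.stores (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

-- One row per (user, store), so one auth.users account can belong to many stores.
create table public.store_members (
  store_id uuid not null references public.stores (id) on delete cascade,
  user_id  uuid not null references auth.users (id) on delete cascade,
  role     text not null default 'customer' check (role in ('customer', 'staff', 'owner')),
  primary key (store_id, user_id)
);

create table public.orders (
  id          uuid primary key default gen_random_uuid(),
  store_id    uuid not null references public.stores (id),
  user_id     uuid not null default auth.uid() references auth.users (id),
  total_cents integer not null check (total_cents >= 0)
);

alter table public.store_members enable row level security;
alter table public.orders        enable row level security;

-- Users can read only their own memberships. No insert/update policy exists,
-- so clients cannot grant themselves a role; joins go through trusted server code.
create policy members_read_own on public.store_members
  for select to authenticated
  using (user_id = (select auth.uid()));

-- Customers see their own orders; staff and owners see every order in their store.
create policy orders_read on public.orders
  for select to authenticated
  using (exists (
    select 1 from public.store_members m
    where m.store_id = orders.store_id
      and m.user_id  = (select auth.uid())
      and (m.role in ('staff', 'owner') or orders.user_id = m.user_id)
  ));

-- An order can be placed only as yourself and only in a store you have joined.
create policy orders_insert on public.orders
  for insert to authenticated
  with check (user_id = (select auth.uid()) and exists (
    select 1 from public.store_members m
    where m.store_id = orders.store_id and m.user_id = (select auth.uid())
  ));
```

With this layout a second store's app does not call sign-up again for an existing email; it signs the user in and adds a `store_members` row for that store through server-side code.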