Supabase 2mo ago
Roman

Supabase for Backend

Hi everyone, I’m currently considering building a backend with Swift Vapor and using Supabase for storage and authentication. My question is: Can I use Supabase exclusively on the backend for everything, including user creation and JWT refresh? Or do I still need to integrate Supabase directly into the iOS app for authentication tasks like creating users and refreshing JWT tokens?
9 Replies
ihm40 2mo ago
Authentication can be handled by Supabase and it comes in various ways, i.e. email/password, OAuth social logins via google/supabase, magic link sign-in and so on. See this for a full list: https://supabase.com/docs/guides/auth
Roman (OP) 2mo ago
That’s nice. But should the user be created on Front or Backend side?
ihm40 2mo ago
Usually you would use the Supabase client to sign up a user on the frontend, e.g.
const { data, error } = await supabase.auth.signUp({
  email: 'example@email.com',
  password: 'example-password',
})
where you have a form for email or password and some additional logic to confirm email. You don't have to pass the email/password to the backend, but if you wanted to do it in a backend you could do
const { data, error } = await supabase.auth.admin.createUser({
  email: 'user@email.com',
  password: 'password',
  user_metadata: { name: 'Yoda' }
})
but anything with admin uses your service role key, which should not be used on the client side.
Roman (OP) 2mo ago
So in this case, I would just verify the JWT in the backend from Supabase?
ihm40 2mo ago
You don't have to do JWT verification, this is built into Supabase. After you sign up a user you can have an email sent to them to confirm, which redirects them back to your website and finishes email confirmation. Then the user signs in using
const { user, session, error } = await supabase.auth.signIn({
  email: 'example@email.com',
  password: 'example-password',
})
and this creates the bearer token for the user and sets them to 'authenticated'.
ihm40 2mo ago
Now when you interact with the backend the user profile is used, and so you would use things like RLS to restrict what the user can view/edit: https://supabase.com/docs/guides/database/postgres/row-level-security
ihm40 2mo ago
That's for databases, but generally you can set policies on all sorts of things like storage buckets (I believe).
Roman (OP) 2mo ago
So, I’m trying to figure out how to set up Supabase as an authentication provider for my backend. I was wondering if I could just call the sign-in and sign-up methods from the backend, or is there a different flow I should be following?
ihm40 2mo ago
yeah calling sign in/up/out is one way to go if that is what you want. Users need to confirm their email by default. It explains it more here https://supabase.com/docs/reference/javascript/auth-signup.
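For the custom-backend case Roman asks about, where the app signs in with Supabase and sends the resulting bearer token to a separate server, this is an added example (not part of the thread, not Supabase's own code) of checking that token before trusting it. It assumes the project signs access tokens with HS256 and a shared JWT secret and sets `aud` to `authenticated`; `verifyAccessToken`, `signForDemo` and all sample values are constructed for illustration.

```javascript
// Added example: verify a Supabase-style access token on a custom backend.
// Assumption: tokens are HS256-signed with the project's shared JWT secret.
const crypto = require("node:crypto");

function verifyAccessToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [headerB64, payloadB64, sigB64] = parts;

  let header, claims;
  try {
    header = JSON.parse(Buffer.from(headerB64, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(payloadB64, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm: the token must not choose it (rejects "none" etc.).
  if (header?.alg !== "HS256") return { ok: false, reason: "bad-alg" };

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = crypto.createHmac("sha256", secret)
    .update(`${headerB64}.${payloadB64}`).digest();
  const given = Buffer.from(sigB64, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  // Only after the signature holds are the claims worth reading.
  if (typeof claims?.exp !== "number" || claims.exp <= nowSeconds) {
    return { ok: false, reason: "expired" };
  }
  if (claims.aud !== "authenticated") return { ok: false, reason: "bad-audience" };
  return { ok: true, userId: claims.sub, role: claims.role };
}

// Constructed helper and sample values, for the demo only.
function signForDemo(claims, secret, alg = "HS256") {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const signingInput = `${enc({ alg, typ: "JWT" })}.${enc(claims)}`;
  const sig = crypto.createHmac("sha256", secret).update(signingInput).digest("base64url");
  return `${signingInput}.${sig}`;
}

const DEMO_SECRET = "constructed-demo-secret";
const DEMO_NOW = 1700000000;
const DEMO_CLAIMS = { sub: "user-123", aud: "authenticated", role: "authenticated", exp: DEMO_NOW + 3600 };
const demoToken = signForDemo(DEMO_CLAIMS, DEMO_SECRET);
console.log(verifyAccessToken(demoToken, DEMO_SECRET, DEMO_NOW));
```

The secret used for verification stays on the server, like the service role key mentioned above; the client only ever holds the token itself.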
