In the end of the post, you mention 2 libraries that helped you implement MFA. Upon further inspection they seem to be Go libraries. However from what I've seen Supabase is a TS/JS monorepo with no Go code.
Did you port the libraries to TypeScript? Or is the enteprise/managed cloud hosted infrastructure reliant on Go for internal things not available on the self hosted option?
Dumb question from someone who hasn’t been keeping up with this particular subsphere of app dev…
What’s the ideal use case for Supabase? It seems oriented towards “serverless” apps given the mentions of edge functions, but does it fit in as a component of an app with a more traditional back end?
Supabase is just Postgres. You can connect to the Postgres database using all the tools you're familiar with. Every project runs on an isolated ec2 instance (including free-tier)
We provide additional tools that make it easy to use/connect to the database (PostgREST, pgbouncer, etc), but these are completely optional
Not to be a debbie downer but I'm trying to integrate Supabase Auth right now and the redirectTo parameter is broken on the resetPasswordForEmail api call.
it's a good question - one we get often. despite our "firebase alternative" positioning, this isn't something that we plan to tackle, at least for the foreseeable future.
There are already great platforms out there (e.g. Netlify and Vercel), whereas there are still a lot of unsolved problems in the database/postgres space. We're focusing on database problems first-and-foremost and the backlog hasn't shrunk enough to even think about website hosting.
Likewise, is there a possibility of Supabase enabling push notifications or automated emails for its users? I have switched to Supabase for most of my newer projects, but honestly push notifications are the last thing tying me to firebase products. Perhaps it would be possible to add some Sendgrid integration within the dashboard, as you have done for Twilio Auth?
You surely can use Supabase to send push notifications and automated emails by integrating with OneSignal. Check out this example of a Supabase Edge Function being used conditionally send and email/push based on user preference.
yes, we're working with an integration partner for Push Notifications. check back on Friday :)
I believe the unfortunate situation with Push Notifications for Android is that you still need to sign up for Firebase project (because you need a Google/Firebase Server API Key).
i expect it will be ready by Q1 next year (maybe only in "early access"). we mention this in the blog post - we're dog-fooding it right now, before releasing for developers
If you need it sooner feel free to reach out, my contact details are in my profile.
I've created also an issue on github[0] but didn't get any reply yet. So, I'll try here.
How to do Custom Authentication? For example, LDAP Auth is not possible in the current version. And I still don't quite understand the API to implement it myself. Can you kindly provide me some pointers on how to do that? I don't need LDAP specifically, but just a dummy custom authentication code?
Sorry about the lack of response on that issue - I'll move this to the the GoTrue repo so the Auth team own it.
I don't want to answer here without the advice of the Auth team because custom authentication code has the potential of being unsafe. I've flagged it with them and they will make sure that you get a response.
Note this was written before edge functions were released, so it may make more sense to make these calls from edge functions, depending on what you're trying to do.
This is awesome, thank you very much. I've been looking to MagicLinks too, but I didn't know if they were safe the way I wanted to use it. Anyway, I will take inspiration from your repo.
LDAP auth is the only thing stopping me from using Supabase.
In case it's not clear - MFA is Multi Factor Authentication, and this one is for you, the developer, to use within your own apps
The neat thing about this one is that it flows all the way through to the JWT so that you can use it in a Postgres Row Level Security Policy:
You can see the `aal`, which is "Authenticator Assurance Level". This is aal1 for "no MFA", aal2 is 2 factor auth, etc...A few of the team will be here to answer questions