Fix P7: Public sign up page with org auto-provisioning#106
Open
bmoss2015 wants to merge 2 commits into
Open
Conversation
Adds /signup so new users can create an account without being invited.
- src/app/(auth)/signup/page.tsx: clean form matching the login page
design (Full Name, Email, Password), inline link back to /login,
Terms/Privacy disclaimer linking to the new legal pages, 'check
your email' state for projects with confirm-email enabled
- src/app/(auth)/_actions.ts: new signUp() server action creates a
fresh org row (named '${fullName}'s Workspace') via service client,
then calls supabase.auth.signUp with org_id + role='admin' +
full_name in metadata so the existing on_auth_user_created trigger
(migration 0012) auto-provisions the profile in the new org. Rolls
back the org row if the auth signUp fails (e.g. duplicate email)
- src/app/(auth)/login/page.tsx: 'Create Account' link in the footer
so existing users can find the new flow
- src/proxy.ts: /signup added to PUBLIC_PATHS so signed-out users can
reach it and signed-in users get bounced home
No Stripe, no paywall, no onboarding wizard, per brief. New users land
in the empty portal with admin role for their freshly-created org.
Google OAuth sign-in button was in the brief as '(existing
integration)' but there is no existing Supabase Google OAuth auth
flow in the codebase (the existing Google OAuth wires Gmail to inbox
sync, not authentication). Skipped for this PR to keep scope tight
and ship the working email/password path; happy to add it in a
follow-up after Bree enables Google in the Supabase Auth dashboard.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Self-serve registration. New users get a fresh org with admin role, no invite required.
/signuproute under (auth) with a clean form matching the login pagesignUp()action creates an org via service client (named${fullName}'s Workspace), then callssupabase.auth.signUpwith org_id + role='admin' + full_name in metadata. The existing trigger from migration 0012 picks up the metadata and auto-provisions the profile in the new org.auth.signUpfails (duplicate email, etc.)No Stripe, no paywall, no onboarding wizard per the brief.
Google OAuth note
The brief mentioned a 'Google OAuth sign in button (existing integration)' but the existing Google OAuth in this repo wires Gmail to inbox sync, not authentication. Building auth-side Google OAuth requires (a) enabling Google in the Supabase Auth dashboard and (b) extending the auth callback to bootstrap an org for OAuth-created users, since the
handle_new_usertrigger only fires when org_id is in metadata and OAuth signup can't pass metadata.I skipped it to keep this PR shippable. Happy to add it in a follow-up once Google is enabled in the Supabase Auth provider settings.
Auto-confirm caveat
If your Supabase project has email confirmation enabled, new users will hit the 'Check Your Email' state instead of landing in the portal. If you want zero-friction signup (brief: 'After sign up, user lands in the portal'), turn off email confirmation in Supabase Auth settings, or enable auto-confirm for new signups.
Verify on preview
<preview>/signupwhile logged out, fill the form, submitorgsnamed 'Test Name's Workspace' and the user's profile has role='admin'Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com