feat(adapters): Add Supabase adapter

[msonnberger]

☕️ Reasoning

This PR adds an adapter for Supabase.

🧢 Checklist

• Documentation
• Tests
• Ready to be merged

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
next-auth	✅ Ready (Inspect)	Visit Preview	Nov 18, 2022 at 8:02AM (UTC)

[ndom91]

So first of all, thanks for the PR! Especially the thorough docs, readme, pr template update, etc! 🎉

A few questions though:

1. This is specifically designed to use just the Supabase hosted Postgres database as an adapter for next-auth, correct? I've skimmed the code and that seems to be the case, but just want to double check with you that this isn't designed to use Supabase auth in any way, correct? Because we had a similar issue/discussion in regard to Firabase with using Firestore as a backend vs Firebase Auth.
2. The config.toml local Supabase dev config file seems to have a few of the other services still enabled. Can we disable those? i.e. buckets and auth?
3. The db migrations seem to grant access to all the tables to the anon role. Is that necessary? I'm not super experienced with Postgres/Supabase, but wouldn't that grant public read-only rights to the tables?

Thanks again!

[ndom91]

Also just fyi in case you didn't see, @balazsorban44 had previously worked on a Supabase adapter (nextauthjs/adapters#188) but the PR was never merged.

[msonnberger]

@ndom91 Thanks for your feedback! Sorry for the delay but here are some answers:

this isn't designed to use Supabase auth in any way, correct? Because we had a similar issue/discussion in regard to Firabase with using Firestore as a backend vs Firebase Auth.

Correct, I've read the discussion and think that @chanceaclark's comment pretty much applies here as well. If you want however, I could take a look at Supabase Auth again and see what's possible/makes sense.

The config.toml local Supabase dev config file seems to have a few of the other services still enabled. Can we disable those?

I've disabled email and Apple auth services now, the others seem to be required by the CLI.

The db migrations seem to grant access to all the tables to the anon role. Is that necessary?

Thanks, I forgot about that. I made some changes and removed access for the anon role.

[ndom91]

@ndom91 Thanks for your feedback! Sorry for the delay but here are some answers:

this isn't designed to use Supabase auth in any way, correct? Because we had a similar issue/discussion in regard to Firabase with using Firestore as a backend vs Firebase Auth.

Correct, I've read the discussion and think that @chanceaclark's comment pretty much applies here as well. If you want however, I could take a look at Supabase Auth again and see what's possible/makes sense.

The config.toml local Supabase dev config file seems to have a few of the other services still enabled. Can we disable those?

I've disabled email and Apple auth services now, the others seem to be required by the CLI.

The db migrations seem to grant access to all the tables to the anon role. Is that necessary?

Thanks, I forgot about that. I made some changes and removed access for the anon role.

Hey no worries! So first off, no just using the supabase postgres as an adapter here is perfect! Don't worry about the supabase auth stuff.

Otherwise, thanks for fixing up those other minor comments! I'll take another look at this shortly, but should be more or less good to go then 🥳

[kaufmann42]

Any updates on this one?

[ndom91]

@balazsorban44 @ThangHuuVu what do you think? This looks good to go to me 👍

[woohelps]

@balazsorban44 @ThangHuuVu Is there any update for that?

[xlrops]

what's the hold up here?

[basicsharp]

It would be so nice if this one is getting merged 💪

[iamfeek]

Bumping this PR up. Looks amazing!
Chances of getting this in?

[ahyousif]

Bumping this pr

[woohelps]

@lluia @ndom91 @balazsorban44 @ThangHuuVu, Could you guys review this PR and approve it? Thanks!

[liamgsmith]

Adding another bump.
I dearly would like this. Supabase's own auth/helpers are currently in a state of flux, and not very clear to a newb. Any tutorials only seem to deal with half the issue, and the other half don't deal with full auth life cycle.
To be able to plonk NextAuth in to have it manage this + still respecting Supabases RLS when interacting with it as the user would be amazing.

[vercel]

@thorwebdev is attempting to deploy a commit to the NextAuth Team on Vercel.

A member of the Team first needs to authorize it.

[thorwebdev]

@ndom91 @balazsorban44 I've built on top of @msonnberger awesome work to document how to do RLS with NextAuth & Supabase 🥳

The main changes:

• updated to the latest version of supabase-js.
• Changed to a separate next_auth schema namespace to separate the Auth logic from the public schema.
• Document how to sign a JWT and append it to the session for usage with Supabase RLS.

Let me know if you have any questions or concerns with any of this!

[1finedev]

bumping up this pr

[miguelsotobaez]

Any updates?

[Lucasvo1]

Could anyone check this PR?

[thorwebdev]

The PR has been thoroughly tested and is ready for review and merge 👍

[Lucasvo1]

Does this adapter use the default Auth schema of Supabase or does it create a separate schema?

[liamgsmith]

Hi @ndom91, apologies, as I'm not sure what the process for having this approved is, but do you know if someone could have a look at this and ok it? I'd love to be able to implement this over the coming weekend.

[ThangHuuVu]

I added a couple of comments regarding unique constraints, let me know what you think! Thanks everyone for the PR, let's get this merged soon 🙌

[thorwebdev]

@ThangHuuVu thanks for the review. I went through the prisma schema and the sequelize model (FYI, they aren't identical) but I think I now picked everything from across them. PTAL :)

[ThangHuuVu]

🚀