by Supertokens Team Introduction So you’re creating a web app and have decided to use Supabase. You now face the decision of how you want to implement authentication. Supabase comes with its own authentication solution, based on a fork of . Netlify’s goTrue It provides authentication flows like email-password, social login, and phone number based OTP and is ideal for quickly building out authentication for many use cases. However, if your app is going to scale to a large number of users or have non-standard requirements, it may make sense to consider alternatives since GoTrue has some limitations: For example: For B2C apps: Features like account linking only link accounts that share the same email. For B2B apps: There is currently no support for multi factor authentication. Now that we know the limitations, let’s dive deeper into when to use Supabase auth and when to consider other solutions: : Use Supabase Auth if You need to quickly set up an app with Email-Password, Social Login, or Phone number-based authentication methods. Your app does not need a custom flow or you do not require multi-factor authentication. : Consider alternative solutions if You’re building a high-growth startup that will have a large number of users or will be selling to big companies. Require features such as: language translations, multi-factor authentication, and field validators. You require a custom flow - For example, You are building a streaming service and would like to limit the number of active sessions for a user, or maybe you need to verify a user’s email before a user enters their password during sign-up. So what third-party options are available that offer the flexibility you need and, are easy to use? We have a that compares some of the most popular solutions out there, but today we are looking at SuperTokens, how it can adapt to accommodate your custom requirements and why it pairs so well with Supabase. blog What is SuperTokens? SuperTokens is an Open Source Authentication solution. We have a managed service, but if you prefer to handle your own data, you can use our self-hosted solution. We built SuperTokens from the ground up to be easy to use and customizable. Note: SuperTokens requires you to have an api layer. If your app does not require a discrete api layer, Supabase auth is a more viable option. What does SuperTokens offer? All popular sign up methods such as passwordless (with email or SMS), email and password, social login. A Pre-built UI that is hosted on your domain itself. SDKs that will handle automatically create and manage user’s session tokens (access & refresh tokens). Hosted and self hosted options that enable you to manage your own data. 2FA, user roles, SAML and more on the way! The ability to easily customize the end-user experience or the backend auth logic within your API layer: This is what makes SuperTokens really powerful. You can learn more about SuperTokens architecture and how customizations work from our . guide Examples of some customizations you can make with SuperTokens: Here is a list of possible use cases and how SuperTokens can help you achieve them. : If your app requires users to sign up with their work-related emails or Google workspace-associated domains, you can use the SuperTokens email validator functions to enforce the check. Restrict signups to work emails : Collect user’s name and age on the Sign Up or Sign In pages. Collect more information on signup : Don’t like the default email and SMS templates? Create your own email and SMS content! You can also choose your own delivery method if you don’t want to use the default service. Use your own SMS / email sending service : SuperTokens allows you to migrate users from other auth providers to SuperTokens and preserve the users’ original userId. This allows you to continue to use any data you had mapped to the previous provider’s userId. Migration Example apps with custom flows Here are some examples of custom flows we’ve already built: Verify a users email before they enter their password during Sign Up Say you have a custom requirement where you want to verify a user’s ownership of an email before they type in a password during sign-up. Example app with . email verification before entering the password during sign up Email Verification with OTP Instead of having the user click a link during email verification, maybe you would like them to enter an OTP. Example app with . email verification with OTP Login with Phone number Password In this flow, users create an account using their phone number and password. Example app with . phone number and password login These are just some of the use cases that SuperTokens supports. If you have a custom requirement, feel free to join our . We are passionate about Auth and would love to discuss your use case. discord Integrating SuperTokens into Supabase We provide a on how to secure you Supabase app with SuperTokens. The guide details the process of leveraging Supabase’s Row Level Security feature to create powerful authorization policies so only authorized users can access data. guide Conclusion In the end, the authentication solution you choose depends on your use case. For apps where you need to quickly setup simple authentication flows, Supabase Auth is a great choice. For startups or mid-level organisations looking for an open-source authentication solution that can grow with their organisation, SuperTokens is a great choice. Written by the Folks at — hope you enjoyed! We are always available on our Discord server. Join us if you have any questions or need any help. SuperTokens

Flow

Google

Understanding Roles-Based Access Control (RBAC)

Using SuperTokens in a VueJS App With Your Own UI

See our website for repositories

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Authentication

Nominated for 2022 - HackerNoon Contributor of the Year - Open Source

Too Long; Didn't Read

Protecting Your Supabase App With SuperTokens Authentication

Protecting Your Supabase App With SuperTokens Authentication

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

All you need to know about user session security

161 Stories To Learn About Authentication

3 Reasons for B2C Enterprises to Implement Single Sign-on Authentication

4 Dangers of Sticking with Outdated MFA Methods

The Noonification: Tailwindcss? Ill Pass (8/27/2023)

80% Devices in 2023 Are Already Passkey-Ready: Apple, Microsoft, and Google Pushing It Even Higher

All you need to know about user session security

161 Stories To Learn About Authentication

3 Reasons for B2C Enterprises to Implement Single Sign-on Authentication

4 Dangers of Sticking with Outdated MFA Methods

The Noonification: Tailwindcss? Ill Pass (8/27/2023)

80% Devices in 2023 Are Already Passkey-Ready: Apple, Microsoft, and Google Pushing It Even Higher

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps