by Supertokens Team
So you’re creating a web app and have decided to use Supabase. You now face the decision of how you want to implement authentication.
Supabase comes with its own authentication solution, based on a fork of Netlify’s goTrue.
It provides authentication flows like email-password, social login, and phone number based OTP and is ideal for quickly building out authentication for many use cases.
However, if your app is going to scale to a large number of users or have non-standard requirements, it may make sense to consider alternatives since GoTrue has some limitations:
For example:
For B2C apps: Features like account linking only link accounts that share the same email.
For B2B apps: There is currently no support for multi factor authentication.
Now that we know the limitations, let’s dive deeper into when to use Supabase auth and when to consider other solutions:
Use Supabase Auth if:
Consider alternative solutions if:
So what third-party options are available that offer the flexibility you need and, are easy to use? We have a blog that compares some of the most popular solutions out there, but today we are looking at SuperTokens, how it can adapt to accommodate your custom requirements and why it pairs so well with Supabase.
SuperTokens is an Open Source Authentication solution. We have a managed service, but if you prefer to handle your own data, you can use our self-hosted solution. We built SuperTokens from the ground up to be easy to use and customizable.
Note: SuperTokens requires you to have an api layer. If your app does not require a discrete api layer, Supabase auth is a more viable option.
You can learn more about SuperTokens architecture and how customizations work from our guide.
Here is a list of possible use cases and how SuperTokens can help you achieve them.
Restrict signups to work emails: If your app requires users to sign up with their work-related emails or Google workspace-associated domains, you can use the SuperTokens email validator functions to enforce the check.
Collect more information on signup: Collect user’s name and age on the Sign Up or Sign In pages.
Use your own SMS / email sending service: Don’t like the default email and SMS templates? Create your own email and SMS content! You can also choose your own delivery method if you don’t want to use the default service.
Migration: SuperTokens allows you to migrate users from other auth providers to SuperTokens and preserve the users’ original userId. This allows you to continue to use any data you had mapped to the previous provider’s userId.
Here are some examples of custom flows we’ve already built:
Say you have a custom requirement where you want to verify a user’s ownership of an email before they type in a password during sign-up.
Example app with email verification before entering the password during sign up.
Instead of having the user click a link during email verification, maybe you would like them to enter an OTP.
In this flow, users create an account using their phone number and password.
These are just some of the use cases that SuperTokens supports. If you have a custom requirement, feel free to join our discord. We are passionate about Auth and would love to discuss your use case.
We provide a guide on how to secure you Supabase app with SuperTokens. The guide details the process of leveraging Supabase’s Row Level Security feature to create powerful authorization policies so only authorized users can access data.
In the end, the authentication solution you choose depends on your use case.
For apps where you need to quickly setup simple authentication flows, Supabase Auth is a great choice.
For startups or mid-level organisations looking for an open-source authentication solution that can grow with their organisation, SuperTokens is a great choice.
Written by the Folks at SuperTokens — hope you enjoyed! We are always available on our Discord server. Join us if you have any questions or need any help.