Handling authentication with Supabase

We’re going to look at how to register users in Supabase using a sign-up flow. We’ll start by understanding where and how Supabase manages user accounts, and then implement the logic needed to sign up new users to our app.

Now that users can sign-up, we need make it possible for them to sign-in so they can be authenticated and access the app. Let’s see how to do that in the following Lesson

Now that the user can sign-in, we need to implement the reverse flow that is sign-out. The sign-out generally redirects the user to the sign-in page, and also deletes the access_token from the browser (local_storage)

Let’s implement now a critical user flow: the reset password user flow. Supabase provides built-in methods to send a password reset email and to update the user's password once they've submitted a new one on the reset password page. To use this flow, you need to have already created a reset password page that includes one or two input fields for the new password.

Now that users can sign in to our app, we need to protect the frontend routes of our application. What does this mean? It means that only authenticated users (i.e., users with a valid JWT token) should be allowed to access certain pages. If a user is not authenticated, they should be redirected to the login page, where they can sign in. Additionally, if a user tries to access a protected page but is redirected to log in first, they should be automatically redirected back to the originally requested page after a successful sign-in. In the next lesson, I’ll show you how to implement this functionality in a simple and effective way.

Now that we have protected our frontend routes, we also need to prevent malicious users from using our api backend routes if they are not authenticated.

We’ll use a Supabase feature that leverages a database function to automatically create a record in the accounts table whenever a new user is added to the auth table.