Damn... Thanks for this elaborate explanation. That is real nice of you!

Some users reported a bug that if they had an adblock extension, the cookie wouldn't get created.

You are welcome. Good luck and if you do have specific questions, even if they are Svelte, I might be able to help. I've solved the same problems just in different framworks

You reference cookie several times in the server-side code. What does that refer to?

As in what type of object or class. Not what the concept is 😛

is there a quick way to make user roles like admin on a site? this might be a stupid question but I'm really new to supabase and I can't figure it out. thanks in advance

I just want to make roles so only admins can see certain pages, but I don't need them to do any thing on the page other than read the text

I can think of a few ways.

I don't know your auth strategy, but if you create a private_profile table for each user that registers, you can add a

admin

column. Then in your RLS policies you would allow users with the admin flag set to true to see the resources

A second way would be using the service role and custom RPC

The first option looks like this:

create table profiles_private (
  id uuid references profiles(id) primary key,
  email text,
  admin boolean default false not null
);

alter table profiles_private
  enable row level security;

Then I have a trigger for when a new user is added.

drop trigger if exists on_auth_user_created on auth.users;
create trigger on_auth_user_created
  after insert on auth.users
  for each row execute procedure handle_new_user();

drop function if exists handle_new_user();
create function handle_new_user()
returns trigger
language plpgsql
security definer set search_path = public
as $$
begin
  insert into profiles_private (id, email)
  values (new.id, new.email);

  return new;
end;
$$;

Then I can create a function to help me out like this:

create or replace function get_is_admin()
returns boolean
language sql
security definer
set search_path = public
as $$
    select profiles_private.admin
    from profiles_private
    where profiles_private.id = auth.uid()
$$;

Then when I create my policy I use the

get_is_admin()

to check if the user is an admin.

so far I've only done what's on this page - https://supabase.com/docs/guides/with-nextjs

thanks for the detailed response, which way is simpler for a beginner? I just need something that's really simple but works

Sorry it's not more simple.

A custom rpc is similar, I mean in this case we created a few

I would use the RLS approach https://supabase.com/docs/guides/auth/row-level-security

If you want to use supabase it's really worth learning the basics of RLS.

oh wow, that's exactly the page I was looking for. thanks!

yeah, all the code I put up there would be used to setup the function you could use in your RLS policies, so read that first then this might make some more sense.

the examples come from a repo I created https://github.com/jensen/vote-now/blob/main/src/services/schema/tables.sql

has anyone been able to use supabase's auth with facebook and store the access token from facebook? I'm able to authenticate with facebook, but I'm not sure where I can find the access token.

to be clear: I'm looking to capture the facebook access token to make calls to facebook's api

I've only used discord as a provider, but haven't tried to use the provider token yet

I am pretty sure its impossible for the /verify endpoint @ supabase to set the token in LocalStorage for a different Host (where my react app sits). So whats the preferred way to let the user change his initial password (nobody knows) which he got on my inviteUserByEmail call ?

invite and access_token

hi, I tried to create an account using supabase python client,

user = supabase.auth.sign_up(email=random_email, password=random_password)

and got this response:

Traceback (most recent call last):
  File "/home/vicky/.local/lib/python3.7/site-packages/gotrue/helpers.py", line 16, in check_response
    response.raise_for_status()
  File "/home/vicky/.local/lib/python3.7/site-packages/httpx/_models.py", line 1508, in raise_for_status
    raise HTTPStatusError(message, request=request, response=self)
httpx.HTTPStatusError: Client error '422 Unprocessable Entity' for url 'https://kufinsjyxpnbeoqiaqcb.supabase.co/auth/v1/signup'
For more information check: https://httpstatuses.com/422

During handling of the above exception, another exception occurred:

is anyone having the issue? or it's just me?