Can I use supabase just for authentication purpose...
# off-topic
a
Can I use Supabase just for authentication purposes? Let's say I have 2-3 Node.js services which I want to connect to the frontend. (Note: These backend services are written in Node.js and make use of Redis, MongoDB, a job scheduler, etc.) Now how will the backend Node.js services understand that data requested by a frontend user is authenticated? Assume I want to connect multiple services like payment/checkout, a job scheduling service (which uses Node.js + Redis), etc. Should I do something similar to what is mentioned in this discussion: https://github.com/supabase/supabase/discussions/2125 ? Any other suggestions or best practices to follow in such a scenario? Thanks in advance 🙂
s
With every request, I believe you would check the headers for the auth token, and using the JWT available from the dashboard, you'd decode the contents of the header. This will give you details about the user that's attempting to access the service.
a
s
Yeah, that seems right. The first link would be used if you wanted to act like a different user. The second link seems to explain the process of decoding the token, so you'd take the steps in the second link to attain the `sub` property (which is the user ID in the DB). You can then use this in your other services - e.g. if you've got some Stripe backend somewhere, you could use this to assign a Stripe payment to the correct user.
a
Is it OK if I store the JWT secret provided by Supabase on my backend services, which are in Node.js and Golang, for validating the JWT token?
Also, once the access token is sent to the backend service, is there any expiry or something? Basically, I will be sending session.access_token to the backend once user sign-in is successful.
Any suggestions on this? @User, the above points are correct, right?