using discord oauth with supabase why isn't the a...
# help
a
using discord oauth with supabase why isn't the access_token being sent as a query param?
k
I guess the assumption is that you are authenticating from a JS client app, so the backend doesn't need the tokens.
x
@User more often than not, tokens are usually sent as a fragment (#) to mitigate any risk of the token ending up in logs (when sent as a query), as the fragment is stripped by the browser.
a
ah right
unsure how to go about this now. i'm using sveltekit rn, and in my index.svelte i have a login button that calls `supabase.auth.signIn` (for discord oauth2). i then use a sveltekit endpoint as the callback after authorization, and in the endpoint i need the access token to fetch the user's data from discord itself, but as it's being sent as a fragment i'm not able to access them. calling `supabase.auth.session()` in the endpoint also seems to return null
x
I haven't used sveltekit but I'm guessing you can just pull the token from the fragment, no?
in JS, this is `location.hash`
k
you'll need to push the tokens to your server on your own, preferably as a POST body (to avoid dropping them into logs, as @User mentioned earlier)
a
alright, thanks 😄 i'll try both