https://supabase.com/ logo
Join Discord
Powered by
Cheers! I want my users to be able to be able to a...
# gotrue
h
Cheers! I want my users to be able to be able to access the API to insert content; e.g. primarily through Zapier. Ideally, I'd expose an OAuth flow where users can authenticate with my Supabase app from Zapier. Second best would be to let users generate an API key for themselves with no expiration date. It seems that acting as an OAuth provider is not currently supported (I might be wrong here, already), but is that on the roadmap or is there a good workaround you'd propose? Thank you!
j
Checked with the team and we don't think Supabase can act as an OAuth provider but just to take a set back we'd like to understand what the use case would be! Just taking wild guesses here please feel free to correct me: would we be looking to let only a specific set of users with a given passwords/keys write to the supabase instance? For instance, would the use case be for anyone to trigger the workflow but only for select users to be able to write to db? Not sure what you had in mind but would love to hear more!
b
You can do it but you need to create an api from scratch that uses the postgres db separately
h
Thanks for setting this thread up. Essentially, I am building a form of customizable “news reader”. As an example, a user should be able to ingest their reading list from Pocket into Supabase, from where it will be rendered in the news reader. Pocket is just an example, using Zapier, the user could curate data from their Strava, Google Sheets… into their news reader. Essentially, I’d envision as follows: a) There’s a table 
user_content
in Supabase with RLS (users can only insert and select their own rows) that contains the news items. b) User sets up a Zap that retrieves data from e.g. Pocket and inserts into 
user_content
, authenticating with Supabase in a way that the Zap can run autonomously (hence the API key/OAuth requirement) c) User logs into the news reader app and sees their curated data
Also, by having OAuth and/or an API key, users could write their own integrations, interacting with "their" data.
I have a Zap and Base running (with username and password "hardcoded"), if you give me your email address, I should be able to share this with you after removing the password bits 🙂
Finally got another Zapier trial to run this (all very rudimentary) 1. Register with email/password https://briefxyz.vercel.app/register & activate with link 2. Open this Zap https://zapier.com/shared/6a05c0822b8c54410096ceefd00ed83d08e8d270 3. In Zapier's Step 3, enter your email/password to authenticate. 4. Trigger the Zapier webhook with some content (you may have to replace the URL with the URL from Zapier Step 1 "Catch Hook") https://hooks.zapier.com/hooks/catch/2172538/b5mna7h/?content=test 5. Some content should appear at https://briefxyz.vercel.app In production, step 3 & 4 of the Zap would be a "Brief"-app in Zapier. While Zapier does allow to build apps with user/password authentication, that would require users to store their credentials with Zapier. Rather, I'd like to offer an OAuth flow, like most other Zapier integrations offer. Alternatively, users could create an API key and use it as authentication in Zapier. I believe this is helpful beyond this use case—any time another app wants to interact with user specific content stored in supabase, having OAuth or an API key would be much safer than storing credentials with said app.
PreviousNext
Powered by