Hey! Someone that can help me set up Supabase Auth...
# helpd
dreinon
04/13/2022, 10:59 PMHey! Someone that can help me set up Supabase Auth with Google in my Appsmith app? 😀
n
Needle
04/13/2022, 10:59 PMHello @dreinon!
This thread has been automatically created from your message in #843999948717555735 a ``few seconds ago``.
Pinging @User so that they see this as well!
Want to unsubscribe from this thread?
Right-click the thread in Discord (or use the ... menu) and select Leave Thread to unsubscribe from future updates.
Want to change the title?
Use the
/titleg
garyaustin
04/13/2022, 11:54 PMYou are not likely to get much help on this unless you ask specific Supabase issues you are having or give some sample code you have tried. Don't know how many Appsmith users are here.
n
Needle
04/13/2022, 11:54 PMdreinon (2022-04-13)
d
dreinon
04/14/2022, 12:59 AM@garyaustin right, what I don't really understand is the auth flow between the supabase gotrue rest api and the client in order to get authenticated. More specifically, what to do with the tokens that get attached to the hash when Google redirects to the redirect_uri specified. How can I use the access_token, refresh_token, etc
g
garyaustin
04/14/2022, 1:39 AMI'll be honest, I stick with the Supabase client code which deals with that, so don't mess with the details. Hopefully someone else jumps in with better info. But...
Basically you use the jwt as a bearer token in the authorization header to access specific user data. The refresh token is used to get a new jwt before the expiration time, so you don't need to sign in again.
https://github.com/supabase/gotrue#post-token
talks about using the refresh token to get a new jwt (and refresh token for next time as it is marked "dead" when used).
d
dreinon
04/14/2022, 3:27 AMRight, I wish I could use the supabase client in Appsmith but for now dependencies cannot be installed or used other than 4 libs they provide you
dreinon
04/14/2022, 3:28 AMThat's why I need to do it by rest api
dreinon
04/14/2022, 3:33 AMAnd about the tokens, I understand now what they are used for, but I don't really know how to implement all this. I think the refresh_token has to be saved in local storage in order to use it whenever, but do I also have to save the access token, or just request a new access token with the refresh_token every time? All this is what I don't really get
g
garyaustin
04/14/2022, 3:39 AMWell I can say the js client saves both in local storage. Your access token expires in an hour so you must refresh it before that if being used "live", or refresh it on startup with the refresh token if that time has passed. You then get a new access and refresh token.
d
dreinon
04/14/2022, 8:57 AMThe refresh token doesn't expire?
g
garyaustin
04/14/2022, 1:31 PMIf a user signs out then all refresh tokens for that user are revoked. Users can sign in on multiple devices. The token is also revoked as soon as it used to get a jwt token.