Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Hi everyone, I'm struggling to compare user entered password to the one in database. I need that for an e-mail change request, the standard - you must enter your password to be able to change it

Hello <@351006685587963916>!
This thread has been automatically created from your message in <#843999948717555735> a ``few seconds ago``.

Pinging <@&951828363943759883> so that they see this as well!

**Want to unsubscribe from this thread?**
Right-click the thread in Discord (or use the ... menu) and select **Leave Thread** to unsubscribe from future updates.

**Want to change the title?**
Use the `/title` command!

**We have solved your problem?**
Click the button below to archive it.

passwords in the db are hashed, so you would need to hash the password provided by the user BEFORE comparing it to the one in the db

pw, err := bcrypt.GenerateFromPassword([]byte("password"), bcrypt.DefaultCost)

you would need to do the equivalent in whatever language you are using

(bcrypt comes from golang.org/x/crypto/bcrypt)

Thnak you! I have one last question. How to acutally get the hash from auth DB?

not sure what you mean by auth DB - the password hash is in the auth.users table (in the password column)

Yeah that, but i have yet to figure out how to read this value in my app

You will have to write a security definer function to access auth schema from the api.

This  might give you some ideas.   https://github.com/supabase/supabase/discussions/4042
I would just pass the text password in, and return true or false if it matches.   Make sure you use auth.uid() to get the password so the call is safe (don't pass it in).

Thread was archived by <@351006685587963916>. Anyone can send a message to unarchive it.