π Authentication
T4 uses Supabase (opens in a new tab) for authentication.
π Overview
The authentication flow in T4 involves the following steps:
User Registration
Users can register their accounts using Supabase's email authentication or sign in directly through various third-party providers such as Google, Apple, and Discord. This allows users to choose their preferred method for signing up.
Email Verification
After registering, users receive an email to verify their email address. They need to click on the verification link to confirm their account.
User Login
Once registered and verified, users can log in to T4 using Supabase's email authentication or directly through third-party providers.
Password Recovery
If users forget their password, they can initiate a password recovery process. Supabase will send them an email with instructions on how to reset their password. (Note: to be implemented)
π© Setup
Frontend
The frontend needs the Supabase URL
and Supabase Key
to initialize the Supabase client. This is your Project URL
and public Project API key
from the Supabase dashboard.
Backend
The API server needs the JWT Secret
from Supabase to verify the JWTs sent by the client.
This is placed inside .dev.vars
as JWT_VERIFICATION_KEY
.
π Concepts Explained
JSON Web Tokens (JWT)
Once a user is authenticated, T4 utilizes JSON Web Tokens (JWT) to manage and maintain user sessions. The JWT contains encoded information about the user's identity and authentication details. This token is securely stored on the client side (e.g., in secure storage or cookies) and sent with each request to authenticate and authorize the user's access to protected resources.
Authorization and Access Control
You can use a JWT to implement authorization and access control mechanisms within D1.
When creating user data, you can associate the data with the user's ID. This allows you to restrict access to the data based on the user's privileges. For example, you can restrict access to a user's data to only the user who created it. This is similar to PostgreSQL's Row Level Security (RLS). (opens in a new tab)
The user's ID is stored in the JWT. You can create separate tables in your D1 database to track user roles and permissions.