How are you handling user auth and data management when working with both Supabase and Xano?

How do we go about signing up and logging users in when there are collections in the app from both Xano and Supabase?

Since only one Auth Plugin can be configured at a time, is it then necessary to use a generic JWT token approach and configure that with both Supa and Xano? Or if using Supa as the auth provider, the user profile and auth.users table should live in Supabase and the data in Xano tables should be “unprotected” or “tokenless”?

Or would best practice be to use one Auth plugin, get the token into WeWeb and use that as the primary current user and then run a manual API call action to signup/login to the second platform? And thus daisy chain the user both on the in and out?

Why would you even do this? Anyway. The easiest scenario I can imagine is a Xano ↔ Supabase model where you check for the authenticity of the key you get either from Xano, or Supabase. It really boils down to what features you want to use. For example, in Xano, you can make a check based on the auth token from Supabase you pass in, and vice versa, and upon the data you get from that check, you decide what to do next.


I’d say I would do something like what @Broberto is mentioning.

At the end of the day, a token is just that, a token. It can be checked against any backend. Then the best practice would be IMO to store user IDs (sync’ed) in both backends, and have 1-1 and 1-many relationships between data and user IDs, then check the token against the user ID ALWAYS on the backend side. But that obviously means that IDs need to be stored and updated if needed in both backends using some webhooks when a user changes.

Yeah, it’s just about linking the data, and making your own middleware to validate the tokens.
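The token check and user-ID link described in the replies above, as an added sketch that is not from any poster and is not Supabase's or Xano's own code. It assumes the auth provider issues HS256 JWTs signed with a shared secret and carrying the user ID in `sub`; the secret, the `USER_LINK` mapping, the records and all function names are constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; a real deployment loads the secret from configuration.
JWT_SECRET = b"constructed-demo-secret"
# Synced link: auth provider's user ID (JWT "sub") -> user ID in the second backend.
USER_LINK = {"supa-user-1": 101, "supa-user-2": 102}
# Records held in the second backend, each owned by a local user ID.
RECORDS = {1: {"owner_id": 101, "body": "note A"}, 2: {"owner_id": 102, "body": "note B"}}

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_token(claims, secret=JWT_SECRET):
    """Stand-in for the auth provider: issue an HS256 JWT (demo only)."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def verify_token(token, secret=JWT_SECRET, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    current = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
        return claims if claims["exp"] > current else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed, truncated or missing-claim tokens are rejected

def get_record(token, record_id):
    """Middleware check: valid token -> linked local user -> owner of the record."""
    claims = verify_token(token)
    local_id = USER_LINK.get(claims.get("sub")) if claims else None
    record = RECORDS.get(record_id)
    if local_id is None or record is None or record["owner_id"] != local_id:
        return None  # same answer for "no such record" and "not yours"
    return record
```

The ownership comparison runs on the backend against the ID taken from the verified token, never against a user ID sent by the client.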

@Broberto @Quentin Sounds good guys, thank you for the insight and guide, all makes sense and will do.
