Hi,
I’m building a multi-tenant app with a Supabase backend where RLS and Supabase auth are fully enforced, so the backend is secure.
The frontend is in WeWeb and deployed on a custom domain. What I want to achieve is simple: if someone visits any page (like mydomain.com/page1) without being logged in, they should be redirected to the login page.
If I use WeWeb’s “Private Access” to restrict the page, it blocks the page completely, including any page-load workflow I might use to trigger a redirect. So no redirect happens, just a blank or locked screen.
If I don’t use Private Access and only rely on a workflow that checks for authentication and redirects accordingly, it works, but it feels like it could be bypassed easily from the frontend.
Since Supabase handles the real security through RLS, what’s the best way in WeWeb to handle this redirect behavior properly? I want to prevent confusion for users and still maintain proper access control.
Thanks.
