Using Outseta for auth (token-based auth plugin) and exchanging an Outseta-signed JWT for a Supabase-signed JWT in WeWeb

I found this dev’s Twitter thread sharing how to leverage Supabase Edge Functions to exchange an Outseta-signed JWT for a Supabase-signed JWT - effectively enabling Outseta for auth to talk to Supabase as the back-end.

I am trying to build this setup in WeWeb (Outseta for auth/user management, Supabase for data collections), but I don’t know what this would look like using WeWeb’s plugins. What I am trying to achieve is this flow:

  1. User enters their email and password to create an account
  2. WeWeb makes a REST API call to Outseta’s Register Account endpoint
  3. Outseta tells Supabase who this user is so that they can securely access their data in WeWeb while I properly enforce Supabase’s RLS on the back-end
  4. Supabase now carries its own JWT for the user

However, I don’t see an obvious way to add this JWT to Supabase requests when creating/fetching collections from WeWeb.

Is there a secure way to accomplish this such that the JWT is stored securely and is available throughout the app for all calls to Supabase (including collection fetches)?
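The token exchange described in the post above, sketched as an added example that is not part of the original post, the linked Twitter thread, or WeWeb's plugin code. It assumes the incoming token is RS256-signed and carries `sub` and `email` claims, and that the Supabase project verifies HS256 tokens with a shared JWT secret; all function names are hypothetical.

```javascript
// Added example (not from the thread). Node.js standard library only.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const decodePart = (p) => JSON.parse(Buffer.from(p, "base64url").toString("utf8"));

// Step 1: verify the incoming token. The algorithm is pinned to RS256 so a
// token declaring "none" or HS256 is rejected before any key is used.
function verifyRs256(token, publicKeyPem, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  if (decodePart(h).alg !== "RS256") throw new Error("unexpected alg");
  const sigOk = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`),
    publicKeyPem, Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  const claims = decodePart(p);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  if (typeof claims.sub !== "string" || !claims.sub) throw new Error("missing sub");
  return claims;
}

// Step 2: mint an HS256 token with the Supabase project's JWT secret. Only
// allow-listed claims are copied; the role is fixed, never taken from input.
function mintSupabaseJwt(claims, jwtSecret, nowSec, ttlSec = 3600) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({
    sub: claims.sub, email: claims.email, role: "authenticated",
    aud: "authenticated", iat: nowSec,
    exp: Math.min(nowSec + ttlSec, claims.exp), // never outlive the source token
  }));
  const sig = crypto.createHmac("sha256", jwtSecret)
    .update(`${header}.${payload}`).digest("base64url");
  return `${header}.${payload}.${sig}`;
}

function exchangeToken(token, publicKeyPem, jwtSecret, nowSec) {
  return mintSupabaseJwt(verifyRs256(token, publicKeyPem, nowSec), jwtSecret, nowSec);
}

// Constructed sample input: a throwaway RSA key pair stands in for the issuer.
function makeSampleToken(claims) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const body = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(body), privateKey).toString("base64url");
  return { token: `${body}.${sig}`, publicKeyPem: publicKey.export({ type: "spki", format: "pem" }) };
}
```

The JWT secret has to stay on the server side (for example in the Edge Function's environment), since anyone holding it can mint a token for any user.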

Seems like we are missing a feature allowing you to set an external JWT token on our Supabase instance. Please submit a feature request on feedback.weweb.io and we will add it in the next Supabase release; we plan to improve this plugin this summer :slight_smile:

3 Likes

I think I managed to create a ticket!

1 Like

But I cannot find it on the feedback page…do they need approval to show up?

Hi, yeah, it needs to be manually added to the public roadmap, but no worries, your feedback ends up in our backlog, where we prioritise every item to include them in our private roadmap. The public roadmap is useful to get the hype about a feature from the community, but for lighter features we handle it ourselves :slight_smile:

1 Like