Using Supabase, I can create login/registration pages that successfully create users. However, I'm not sure how to handle protected components/pages.
For example, with the display of Login/Registration buttons in a navbar, I could do something like implement a React component that fetches the user session using Supabase, and render based on that, but I feel like that's forcing a solution and working against the intention of Astro.
Docs and example code are not clear to me regarding the handling of cookies and localStorage:
Supabase SSR/auth docs say:
https://supabase.com/docs/guides/auth/server-side-rendering
refresh token are set as sb-access-token and sb-refresh-token cookies on the <project-ref>.supabase.co domain.
And then go on to say:
Note: These cookie names are for internal Supabase use only and may change without warning. They are included in this guide for illustration purposes only.
And indeed when I look at an example repo, it uses sbat as the cookie name:
https://github.com/magnuswahlstrand/astro-supabase-vercel/blob/main/src/auth.ts
My own checking in the browser shows no cookies, but a key in localStorage named sb-gdvkej...sixsq-auth-token does exist. I guess Supabase does set it in localStorage, per:
https://supabase.com/docs/reference/javascript/v0/auth-signout#cookies-and-localstorage-namespace
but I'm not sure of the right way to retrieve it from localStorage (client-based logic) and pass it to the server?
There's surprisingly little in the way of sample code for this in either Astrojs docs or Supabase docs, so any guidance would be greatly appreciated 🙂