
fix: route standard auth through backend API #22

Draft
shibinsp wants to merge 2 commits into main from fix/21-validate-supabase-config

@shibinsp (Owner)

Summary

  • move email/password login and signup to the backend auth API instead of the browser Supabase client
  • refresh expired access tokens through /api/v1/auth/refresh and restore persisted sessions from stored backend tokens
  • keep Google sign-in on Supabase, but show a clear warning and disable social auth when the frontend Supabase config is invalid or unreachable

Test plan

  • cd Frontend && npm run build
  • cd Frontend && npm run lint
  • curl -X POST https://relaxed-gates.vercel.app/api/v1/auth/login with invalid credentials returns backend 401 INVALID_CREDENTIALS instead of the browser failing on the dead Supabase hostname

Fixes #21
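
The refresh flow from the summary above, sketched as an added example that is not code from this pull request: a client that answers a 401 by calling /api/v1/auth/refresh once, shares that call across concurrent requests, and clears both tokens if the refresh is rejected. The name `createAuthClient`, the injected `fetchImpl`, the in-memory `store`, and the `refresh_token` / `access_token` JSON fields are assumptions; only the endpoint path comes from the page.

```javascript
// Added example, not the project's code. Only the /api/v1/auth/refresh path is
// taken from the PR summary; field names and the token store are assumptions.
function createAuthClient({ baseUrl, fetchImpl, store }) {
  let refreshing = null; // in-flight refresh promise, shared by concurrent callers

  async function refresh() {
    const res = await fetchImpl(`${baseUrl}/api/v1/auth/refresh`, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ refresh_token: store.refreshToken }),
    });
    if (!res.ok) {
      // Refresh rejected: drop both tokens so a dead session is never retried.
      store.accessToken = null;
      store.refreshToken = null;
      throw new Error("SESSION_EXPIRED");
    }
    const body = await res.json();
    store.accessToken = body.access_token;
    // Honour refresh-token rotation if the backend returns a new one.
    if (body.refresh_token) store.refreshToken = body.refresh_token;
  }

  async function request(path, init = {}) {
    const send = () =>
      fetchImpl(`${baseUrl}${path}`, {
        ...init,
        headers: { ...init.headers, Authorization: `Bearer ${store.accessToken}` },
      });
    const res = await send();
    // Anything other than 401, or no refresh token to use: return as-is.
    if (res.status !== 401 || !store.refreshToken) return res;
    // Concurrent 401s share one refresh call; each request is retried once.
    refreshing = refreshing || refresh().finally(() => { refreshing = null; });
    await refreshing;
    return send();
  }

  return { request };
}
```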

Make email/password login, signup, and token refresh independent of the frontend Supabase URL so production auth keeps working when Vercel ships a bad browser Supabase config. Keep social sign-in behind a reachable Supabase client and surface a clear warning when that path is unavailable.

Fixes #21

Co-Authored-By: Beeax
…ntials

- seed_data.py: create Supabase Auth users and set supabase_auth_id so the
  Supabase-based auth flow resolves seeded accounts; add idempotent
  --users-only mode that reuses the app engine (Supabase pooler SSL)
- README: replace non-existent @taskpulse.demo accounts with the real
  @acme.com / demo123 seed accounts and document the seed options

Refs #21

Co-Authored-By: Beeax

Successfully merging this pull request may close these issues.

Make production auth resilient to invalid frontend Supabase config
