gurkang
CC#
Created by gurkang on 4/7/2023 in #help
❔ Handling Supabase auth with dotnet backend. Is this way wrong/not the dotnet way?
Okay I'll give it a go and see if I can get it working 🙂 Thanks for the help! Appreciate it a lot
174 replies
I haven't had a problem yet with other systems getting rate limited when doing a similar setup. But those backends I've written in node/express. I mean, if you think about supabase as just an auth provider and all it does is act like an extra microservice that "takes in a JWT, checks if it's correct, then returns user if it's not" is this really a big error?
But I need the token to get the user information though?
Well why wouldn't I? How else would you make sure that each and every request is correct and authenticated? Since all requests to this API need to be authenticated isn't it just smart to check that for every request?
Is there any reason why I couldn't do something like this:
```csharp
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddScheme<AuthenticationSchemeOptions, SupabaseAuthenticationHandler>(JwtBearerDefaults.AuthenticationScheme,
        options =>
        {
        }
    );
```
And then in the SupabaseAuthenticationHandler:
```csharp
public class SupabaseAuthenticationHandler: AuthenticationHandler<AuthenticationSchemeOptions>
{
    private string ApiKey { get; set; }

    public SupabaseAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, string apikey) : base(options, logger, encoder, clock)
    {
        ApiKey = apikey;
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Context.Request.Headers.ContainsKey("Authorization"))
        {
            return AuthenticateResult.NoResult();
        }

        var token = Context.Request.Headers["Authorization"];
        var client = new HttpClient();
        client.DefaultRequestHeaders.Add("Authorization", (string?)token);
        // var apiKey = builder.Configuration.GetValue<string>("apiKey");
        // client.DefaultRequestHeaders.Add("apikey", (string?)apiKey);
        // var res = await client.GetFromJsonAsync<UserFromSupabase>(
        //     builder.Configuration.GetValue<string>("supabaseUrl"));

        return AuthenticateResult.Success(new AuthenticationTicket(
            new ClaimsPrincipal(
                new List<ClaimsIdentity>()),
            JwtBearerDefaults.AuthenticationScheme));
    }

}
```
@AnievNekaj I'm alive and kicking. Just had to go away for a bit haha
haha 😄
I think I understand what I need to do. I will try a bit on my end to implement this and I'll update this thread when I get it working! Thanks again @AnievNekaj for the guidance and help
I appreciate you explaining this for me! It's always good to have a better understanding of how all this works 🙂 It makes sense, but I'm still a bit unsure about how exactly I would fit my current needs to this way of working with auth. I would implement my own handlers and then add those to the Authentication.JwtBearer authentication scheme? And it is within these AuthenticationHandler<T> that I would put all the logic that is similar to my middleware, where I make a request to the supabase auth api endpoint and check whether I have a valid user response or not?
Haha and now I'm confused again
So I can implement IAuthenticationService to also add the supabase secret key to the request? Since I need not only the JWT but also that secret key for a valid request?
Other than the request to authenticate the JWT (which, if successful, returns a user object) there is no other communication done from my BE to supabase. I have everything else on my own side, with a postgres DB where any user specific data just has the user_id from supabase as the foreign key
I have a react frontend application and a dotnet core backend. They are totally separate. On the frontend side I am signing in users using the supabase auth api. This is done using the supabase node package. It basically lets me do await supabase.auth.signIn(credentials). Supabase then handles everything else and returns a session and user. This session context is stored in a react context as well. On the backend side I need to authenticate the requests from my FE. And thus I am sending along the JWT that I get from supabase after successful authentication on their end to my backend API. Here, I am then using the JWT, along with a supabase secret key, to check against an endpoint /auth/user if the JWT is correct, and if it is, I get the user returned to my backend API. Now I know that the request from my FE is an authenticated one and I can access the user information of the user that initiated the request from my react application. I can do what I want here since I've got all the information needed on the user, i.e., return data that is specific to the user. @AnievNekaj Does this make sense?
@TeBeCo I looked at that library but my problem is that since I'm signing in the user in the frontend, the session exists in the context of the react application. I don't see how I can share the exact same context between the FE and BE like you would need if you are using the C# library's features like var user = supabase.Auth.CurrentUser. Since I'm lacking the session context on the BE side the only way I can figure out how to get the user without it already existing in the BE context is by manually calling the auth endpoint to get the user given the token and supabase credentials. I'm just very confused on how you would share the "session/context" using the more standard .net auth framework since the oauth login flow is more done on the FE side and the entire session/context is hosted on Supabase's end. If I write my own authentication handler, is it basically the same as my middleware but I wrap it/extend it as some IAuthorizationHandler?