search
Getting StartedPlatformReference
githubEdit

Setup with Supabase

How to use Rollup ID with Supabase

hashtag
Overview

As of April 2023, Supabase does not support the OIDC standardarrow-up-right as a form of authentication. As a workaround, Rollup repurposes their Keycloak plugin to achieve the same effect.

This involves multiple redirects:

spinner

In order to implement these hops, configure Rollup, Supabase, and your app as follows:

hashtag
Console Configuration

Request authorization for the Email scope and set the Redirect URL to the Supabase Keycloak provider's redirect URL. You can get the redirect URL from the Keycloak provider configuration (see below).

Set the redirect URL in Console to the Supabase callback URL and request the email and profile scopes.
Rollup Console Configuration for the Supabase callback and required scopes.

Required scope values are:

  • Email

  • Profile

OpenID is an optional scope suggested for standards-compliant OIDC connections.

Save and publish your application.

hashtag
Supabase Configuration

Within Supabase, select "Authentication" a nd then under "Configuration" select "Providers" and under the "Email" settings disable "Confirm Email" and save.

Next go to the Keycloak settings and enable Keycloak.

Update your Keycloak configuration's Client ID and secret with the values from your Rollup Console Application.

Set your Keycloak Realm to https://passport.rollup.id (the screenshot below shows our development environment).

Copy your callback URL here and use it in your Rollup Console Application configuration (see above).

Screenshot of Keycloak provider configuration for Supabase.
Keycloak provider configuration for Supabase.

Save your settings.

hashtag
App Configuration

Within your application, use the Supabase library to sign the user in with the configured Keycloak provider:

PreviousSetup with Auth0NextSetup with NextAuth.js

Last updated