Features
Authentication
Server side authentication using Supabase
The Importance of Server-Side Authentication
In today's digital landscape, where security breaches and data theft are increasingly prevalent, ensuring the safety of user data is paramount. One critical aspect of securing an application is the method used for authentication. While both client-side and server-side authentication are common practices, server-side authentication is generally considered superior for several compelling reasons.
Enhanced Security
Server-side authentication significantly reduces the risk of sensitive data exposure. Since authentication processes and credentials are handled on the server, there is less risk of them being intercepted or tampered with by malicious actors. Client-side authentication, on the other hand, involves storing and processing credentials on the user's device, making it more susceptible to attacks like code injection, reverse engineering, and data breaches.
Centralized Control
With server-side authentication, all user data and authentication logic are managed centrally on the server. This centralization allows for more straightforward updates and maintenance, ensuring that any security patches or improvements can be rolled out universally without requiring action from end users. In contrast, client-side authentication would necessitate updates to be pushed to all user devices, which can be cumbersome and less reliable.
Improved User Experience
Server-side authentication can offer a more seamless and consistent user experience. Users do not have to worry about losing access due to device-specific issues or the need to repeatedly re-authenticate. Centralized session management on the server ensures that users can access the application smoothly across multiple devices without compromising security.
Robust Access Control
Implementing server-side authentication enables finer control over user access and permissions. It allows for sophisticated authorization mechanisms, such as role-based access control (RBAC) and context-aware authentication, which are difficult to implement securely on the client side. By managing these aspects server-side, administrators can ensure that only authorized users have access to specific resources and actions within the application.
Easier Compliance with Regulations
Data protection regulations, such as GDPR and CCPA, mandate strict handling and protection of user data. Server-side authentication helps in adhering to these regulations by ensuring that user credentials and authentication processes are handled securely on the server. This reduces the risk of data leakage and helps maintain compliance with legal requirements.
Setting up Supabase
Setup Email Templates
In your Supabase dashboard go to Authentication > Email Templates
Change Confirm signup
source to
Change Magic Link
source in your Supabase Dashboard in Authentication > Email Templates
Change SiteUrl
Click on the link to the left on your Supabase Dashboard that says Url Configuration
and set it to http://localhost:5173
for local development and to your domain name for your app.
Username and Password
By default SvelteLaunch is setup with passwordless login. If you would like to use Username/Password
go to your /routes/auth/login/+page.js
file and set magicLink
to false
Social Login
Enable social logins in your Supabase Dashboard and add your login button.