Features

Authentication

Server side authentication using Supabase

# The Importance of Server-Side Authentication

In today's digital landscape, where security breaches and data theft are increasingly prevalent, ensuring the safety of user data is paramount. One critical aspect of securing an application is the method used for authentication. While both client-side and server-side authentication are common practices, server-side authentication is generally considered superior for several compelling reasons.

# Enhanced Security

Server-side authentication significantly reduces the risk of sensitive data exposure. Since authentication processes and credentials are handled on the server, there is less risk of them being intercepted or tampered with by malicious actors. Client-side authentication, on the other hand, involves storing and processing credentials on the user's device, making it more susceptible to attacks like code injection, reverse engineering, and data breaches.

# Centralized Control

With server-side authentication, all user data and authentication logic are managed centrally on the server. This centralization allows for more straightforward updates and maintenance, ensuring that any security patches or improvements can be rolled out universally without requiring action from end users. In contrast, client-side authentication would necessitate updates to be pushed to all user devices, which can be cumbersome and less reliable.

# Improved User Experience

Server-side authentication can offer a more seamless and consistent user experience. Users do not have to worry about losing access due to device-specific issues or the need to repeatedly re-authenticate. Centralized session management on the server ensures that users can access the application smoothly across multiple devices without compromising security.

# Robust Access Control

Implementing server-side authentication enables finer control over user access and permissions. It allows for sophisticated authorization mechanisms, such as role-based access control (RBAC) and context-aware authentication, which are difficult to implement securely on the client side. By managing these aspects server-side, administrators can ensure that only authorized users have access to specific resources and actions within the application.

# Easier Compliance with Regulations

Data protection regulations, such as GDPR and CCPA, mandate strict handling and protection of user data. Server-side authentication helps in adhering to these regulations by ensuring that user credentials and authentication processes are handled securely on the server. This reduces the risk of data leakage and helps maintain compliance with legal requirements.

# Setting up Supabase

# Setup Email Templates

In your Supabase dashboard go to Authentication > Email Templates

Change Confirm signup source to

        <h2>Confirm your signup</h2>

<p>Follow this link to confirm your user:</p>
<p><a href="{{ .SiteURL }}/api/auth/confirm?token_hash={{ .TokenHash }}&type=signup">Confirm your mail</a></p>

      

Change Magic Link source in your Supabase Dashboard in Authentication > Email Templates

        <h2>Magic Link</h2>

<p>Follow this link to login:</p>
<p><a href="{{ .SiteURL }}/api/auth/confirm?token_hash={{ .TokenHash }}&type=magiclink">Log In</a></p>

      

# Change SiteUrl

Click on the link to the left on your Supabase Dashboard that says Url Configuration and set it to http://localhost:5173 for local development and to your domain name for your app.

# Username and Password

By default SvelteLaunch is setup with passwordless login. If you would like to use Username/Password go to your /routes/auth/login/+page.js file and set magicLink to false

# Social Login

Enable social logins in your Supabase Dashboard and add your login button.