Why Supabase Auth?

Supabase Auth handles the entire authentication lifecycle: email/password, OAuth providers (Google, Apple, GitHub), magic links, and session management. It's built on top of GoTrue and integrates directly with Supabase's Row Level Security.

The Setup Problem

Wiring Supabase Auth into a React Native + Expo project takes 4-8 hours the first time:

• Configure @supabase/ssr for cookie-based sessions
• Set up deep linking for OAuth callbacks on iOS and Android
• Handle token refresh on app resume
• Configure SecureStore for token persistence
• Wire RLS policies for authenticated queries
• Test across email, OAuth, and magic link flows

How AI App Factory Handles It

All of the above is pre-configured:

• Server client via getSupabaseServerClient() — async, cookie-based
• Browser client via createBrowserClient from @supabase/ssr
• TokenHandlerInBrowser component handles OAuth redirect token-to-cookie conversion
• RLS policies on all default tables
• Deep linking configured for Expo on both platforms

You get a working auth flow on day one. No configuration. No debugging OAuth callbacks at 2am.

What's Included

Feature	Status
Email/password signup	Pre-configured
Google OAuth	Pre-configured
Apple Sign-In	Pre-configured
Magic link	Pre-configured
Session persistence	SecureStore
Token refresh	Automatic
RLS policies	Default set included

Technical Details

// Server-side — always use this
const supabase = await getSupabaseServerClient();
const { data: { user } } = await supabase.auth.getUser();

// Never use createClient from @supabase/supabase-js
// It uses localStorage, which doesn't work server-side

The AI agents (Architect and Executor) understand this pattern. When you ask them to add a feature that requires authentication, they automatically use the correct client and wire RLS policies.

Related

• NestJS API Backend — how the backend validates Supabase JWTs
• RevenueCat Payments — subscription gating after auth
• Full-Stack Monorepo — see the complete architecture