The open source Firebase alternative.
Logflare is the hub of analytics streams for Supabase. We are open sourcing it so that you can self-host your own Logging infrastructure.
You can now self-host Edge Functions and run them in local development using our new Edge Runtime. We published a guide showing how to self-host Edge Functions with Fly and what more is coming ⚡
Supabase Storage received many of the most requested features from our users: Resumable Uploads, Quality Filters, Next.js support, and WebP support.
On day 4, we introduced SSO with SAML 2.0, PKCE, and Sign in with Apple for iOS. It felt like acronym day, but it was actually Auth day!
Supabase Studio got a major upgrade that goes from redesigns to improved developer experience, and new tools. We have the features people have been asking for and new capabilities that will change the way you work.
database.dev fills the same role for PostgreSQL as npm
for JavaScript or pip
for Python, it enables publishing libraries and applications for repeatable deployment. Our goal is to create an open ecosystem for packaging and discovering SQL.
The most popular GraphQL IDE/API explorer is now built into the dashboard! You can now explore and query your GraphQL API produced by pg_graphql
.
We've updated our Docs search functionality to use pgvector
+ OpenAI. Still no cease and desist from Microsoft, so you can continue to ask Clippy any Supabase-specific questions 📎💚
Do you use multiple Edge Functions in your project? Then celebrate! Supabase CLI 1.36+ now supports serving multiple Edge Functions at the same time.
To enable the feature, just run supabase functions serve
in your project.
We rewrote the Postgres Dockerfile with multi-stage builds so that each extension is compiled in its own separate stage. This reduces the size of the image from 1.3GB to 250MB, enabling a much faster boot time.
We've improved database role management. You can create, update, and delete database roles through the dashboard. Just one small step towards column-level security
API docs got a light touchup and were moved to the table editor. You can now look up API methods and generate & download type files right there ✨
Postgres Extensions: We're rolling out some fixes for several Postgres extensions. Check your Dashboard notifications to see if you need to take any actions.
Auth: Added full OpenAPI 3.0 spec which provides a comprehensive overview of the API with documentation on each request. PR
Database: supabase-js now infers the response type from your query. If the inferred type is incorrect, you can use .returns<MyType>()
to override it. Doc
Dashboard: Improved database roles management, you can now create, update and delete database roles through the dashboard. Dashboard
Dashboard: We've provided a reference panel showing all available paths that can be queried from each respective source that improves the Logs Explorer experience. Dashboard
- Edge Functions: upgraded to Deno 1.30.3, that supports TypeScript 4.9.x and introduces satisfies
. Thanks to Benjamin Dobell 🙏. PR
The first month of the year was very productive here at Supabase. Here is a highlight of what we shipped during January:
pgvector is a popular PostgreSQL extension for storing embeddings and performing vector similarity search. It was one of the most requested extensions by the AI/ML community and is now available thanks to gregnr.
Greg wasted no time and took pgvector for a spin, he combined it with OpenAI to build Supabase Clippy, a next-generation doc search. The first implementation is a 1-week MVP and fully open source, so you can build on top of it.
We have released extensive reference docs for C# and Python, detailing every object and method. What are you going to build?
Views, Materialized Views, and Foreign Tables are three database objects that provide a powerful way to access and organize and transform data without duplication.
WebP is a modern image format that provides superior lossless and lossy compression for images on the web. We are enabling format conversion by default for anyone who has Image Transformations. You can opt out by including format: origin in the transformation parameters.
- Postgres Extension: Another powerful and time-tested extension, pg_repack, is added to Supabase. [PR] - Auth: Multi-tab session support using the new browser BroadcastChannel API. If a user logs out on one tab, they will now be logged out on all tabs. [PR] - Postgres: Superior speed with lz4 database compression. [PR] - Postgres: Use ICU locales and collations for text attribute ordering in database queries. [PR] - Docs: New guide on scheduling functions with pg_cron. [Guide] - Edge Functions: You can now download source codes of deployed edge functions from the CLI. [Doc]
Launch Week 6 is just around the corner! We’re saving most of November’s updated as a surprise for Launch Week, but we still had time to ship some goodies this month.
Next week, we go all out for LW6. It’s 5 days of shipping, including major features requested by the community. You don’t want to miss a thing, so make sure to claim your free ticket (and you might win some very special SupaSwag).
It’s here! The much-awaited Remix Auth Helpers make server-side auth even easier and with a better experience. Up to date with supabase-js V2 and can be used with Typescript.
We launched a new YouTube series, Edgy Edge Functions, where we take a deep look at a new function every week.
Plus, we published three new functions examples: Generate OG Images, Build API servers using Oak, and Generate Screenshots using Puppeteer.
NextAuth Supabase Adapter. Docs. This allows you to run NextAuth as your authentication server while storing user and session data in a dedicated next_auth
schema in your Supabase Database. Complete with support for RLS. Do note that NextAuth is a standalone Authentication server that does not interface with Supabase Auth and therefore provides a different feature set.
Fixed two issues with the supabase.auth.signOut
function: cookies not clearing properly and session not removed.
You can now customize magic links by providing access to the {{ .TokenHash }}
. PR
Now you can do redirects from your functions. PR
Conda support (conda install -c conda-forge supabase
and everything else in py)
The new versions of our two most popular SDKs have been fully released. It couldn’t have happened without our amazing community, thanks to everyone involved. Now, it’s time to build 🛠
Try supabase-js V2
Try flutter-supabase V1
Next.js is all the rage right now 🔥
Next.js Conf raised the bar for dev conferences. We had the honor of being a Gold Sponsor, so we revamped our Next.js Quickstart guide to include our pre-built Auth UI and Auth Helpers.
And Next.js 13 was announced! Making it extremely easy to fetch and cache data from our Serverless API. So we put together an example to try it out.
The Auth team published an in-depth doc explaining how Supabase Auth supports server-side rendering. Includes an explanation of the authentication flow and answers to some of the more common questions.
Do you have 100% code coverage? Probably not, because that’s usually the last thing you think of, but definitely not if you don’t have database tests. We just shipped a framework for Database Tests which makes it incredibly easy to test your database using pgTAP an pg_prove.
Functions now support GET requests! Other HTTP verbs such as PUT, PATCH, and DELETE are supported too.
X-Forwarded-For header
. Example
provider_refresh_token
along with provider_access_token
. PR
refreshSession
method to allow users to forcefully refresh a session instead of waiting for it to autorefresh upon expiry. Thanks to @j4w8n for the PR 🙇🏻♂️We did something a bit strange during September - we didn't work on features. Quite the opposite. After Launch Week we did three subsequent weeks of Kaizen, a term we use internally to deliver constant and incremental improvement. Each week had a different focus:
It's pretty rare for a company to stop feature development altogether, but luckily we're just a bunch of developers so we all know the pain of technical debt. After 5 Launch Weeks, working on testing and backlogs feels like a bit of a relief.
We saw a lot of progress across our Open Issues - closing over 250 issues and 50 Pull Requests.
We launched the new Auth UI on Product Hunt! Auth UI is a pre-built React component for authenticating users with Supabase Auth. It supports custom themes and extensible styles to match your brand and aesthetic.
If you've ever wondered, "can I run Postgres inside a browser, using an embeddable Linux Virtual Machine?", wonder no longer. With our friends at Snaplet, we've released an open source Postgres WASM.
Read the blog post
Comment on Hacker News
Visit the repo: Snaplet | Supabase
We're making some changes to the way the Dashboard interacts with your database. These changes simplify the database permissions so that it's easier for you to migrate in and out of Supabase, and they reduce the security surface area considerably. The change will be applied automatically in November, or you can run it today via the Dashboard.
Launch Week 5 just happened and it was a big one, here is everything we shipped:
The Supabase CLI is now in v1.0 (including the ability to generate TypeScript types 🎉). We also released the Admin API Beta, a REST API that opens the door to a whole new suite of integrations (Zapier, Terraform, Pulumi, you name it). Full programmatic control of your projects and orgs is on the way.
supabase-js v2 focuses on "quality-of-life" improvements for developers and includes Type Support, new Auth Methods, async Auth overhaul, improvements for Edge Functions, and more. We couldn't have done this without our amazing Community, so thanks a lot to everyone who contributed.
Try it out by running npm i @supabase/supabase-js@rc
Our customers can rest assured knowing their information is secure and private 🔒. The blog post explains the process we went through to get there and is very useful for anyone building a SaaS product.
Next level Realtime is here ⚡️. Presence and Broadcast are two key blocks developers can use to build the digital experiences users want. All projects now have access to these features. Try it out in combination with supabase-js v2.
We wrapped Launch Week 5 with contributors, partners, and friends and the traditional One More Thing... that was actually SIX more things: Supabase Vault, Auth UI, Dashboard permissions, JSON schema validation, pg_graphql v0.4.0, MFA early-access.
Community Day Video Announcement
The following changes to the Supabase Platform will take effect from September 11th at 7 pm PDT.
Authorization
header and in a separate apiKey
header. This led to confusion among new users of Supabase who used the API directly. It is no longer required to send the anon key or service key via the apiKey
header. If you are using Supabase via our client libraries, no change is required from your side.The last week of March was our Fourth Launch Week. Here's everything that was launched:
The one we've all been waiting for. You can now deploy Javascript & Typescript functions to Supabase. You can develop and test locally, link a project, and deploy globally to the edge in a matter of seconds.
You can now query your Supabase database with GraphQL. We built this as a postgres extension, so it's portable, open source, and solves some of the problems that exist in other GraphQL implementations
Supabase Realtime now supports multiplayer and presence, so you can build collaborative applications like Figma and Google Docs with Supabase. Come and have some fun on our demo application.
We're now an official GitHub secret scanning partner, meaning that if you accidentally push your service_role key to GitHub, you'll get a notification email, and your keys will automatically be rolled on Supabase. For private repos you can disable this.
We've released Elixir Livebooks for Monitoring, starting with built-in monitoring for PgBouncer, a Postgres connection pooler.
We’ve released 4 new OAuth providers, thanks to the contributions of the community:
We’ve also added 2 new phone providers:
We’ve released supabase-auth-helpers, a collection of framework-specific auth utilities that make working with Supabase Auth a pleasant experience, no matter what framework you’re using.
Thanks for all your support while we build the world's most productive developer platform. @supabase
The PostgREST release notes document some changes to the way GUC variables are handled here.
Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS.
Supabase has already updated all the default auth functions (auth.uid()
, auth.role()
and auth.email()
), however we have no way of updating functions which we have not written ourselves.
auth
functions or generally any function that use legacy GUC naming convention to access JWT claims (eg current_setting('request.jwt.claims.XXX', true)
.
auth
functions.You need to update all functions that are using the legacy GUC naming convention (current_setting('request.jwt.claims.XXX', true)
) to use the new convention (current_setting('request.jwt.claims', true)::json->>'XXX'
).
After you have made this change, you can safely
For example, Supabase rewrote the auth.role()
functions like this, to handle both legacy and new:
-- PREVIOUSLY
create or replace function auth.role()
returns text
language sql stable
as $$
select current_setting('request.jwt.claim.role', true)::text;
$$;
-- UPDATED FUNCTION TO HANDLE NEW GUC NAMING SCHEME
create or replace function auth.role()
returns text
language sql stable
as $$
select
coalesce(
current_setting('request.jwt.claim.role', true),
(current_setting('request.jwt.claims', true)::jsonb ->> 'role')
)::text
$$;
The PostgREST release notes document some changes to the way GUC variables are handled here.
Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS.
Supabase has already updated all the default auth functions (auth.uid()
, auth.role()
and auth.email()
), however we have no way of updating functions which we have not written ourselves.
auth
functions or generally any function that use legacy GUC naming convention to access JWT claims (eg current_setting('request.jwt.claims.XXX', true)
.
auth
functions.You need to update all functions that are using the legacy GUC naming convention (current_setting('request.jwt.claims.XXX', true)
) to use the new convention (current_setting('request.jwt.claims', true)::json->>'XXX'
).
After you have made this change, you can safely
For example, Supabase rewrote the auth.role()
functions like this, to handle both legacy and new:
-- PREVIOUSLY
create or replace function auth.role()
returns text
language sql stable
as $$
select current_setting('request.jwt.claim.role', true)::text;
$$;
-- UPDATED FUNCTION TO HANDLE NEW GUC NAMING SCHEME
create or replace function auth.role()
returns text
language sql stable
as $$
select
coalesce(
current_setting('request.jwt.claim.role', true),
(current_setting('request.jwt.claims', true)::jsonb ->> 'role')
)::text
$$;