feat: anonymous sign-ins #1460
Merged
kangmingtay force-pushed the km/feat-anonymous-logins branch from af77f25 to b504885 on March 1, 2024 07:22
kangmingtay force-pushed the km/feat-anonymous-logins branch from b504885 to 8f715b1 on March 1, 2024 07:53
kangmingtay force-pushed the km/feat-anonymous-logins branch from 66bd15f to 306be4c on March 1, 2024 08:52
hf reviewed Mar 1, 2024
kangmingtay force-pushed the km/feat-anonymous-logins branch from fa86627 to 0963e41 on March 1, 2024 15:41
hf approved these changes Mar 1, 2024
Looks good! Left some readability and error code nits that generally don't have a major impact on the feature.
kangmingtay force-pushed the km/feat-anonymous-logins branch from 53ea66e to fa57774 on March 3, 2024 03:43
hf pushed a commit that referenced this pull request, Mar 5, 2024:

🤖 I have created a release *beep* *boop*

---

## [2.144.0](v2.143.0...v2.144.0) (2024-03-04)

### Features

* add configuration for custom sms sender hook ([#1428](#1428)) ([1ea56b6](1ea56b6))
* anonymous sign-ins ([#1460](#1460)) ([130df16](130df16))
* clean up test setup in MFA tests ([#1452](#1452)) ([7185af8](7185af8))
* pass transaction to `invokeHook`, fixing pool exhaustion ([#1465](#1465)) ([b536d36](b536d36))
* refactor resource owner password grant ([#1443](#1443)) ([e63ad6f](e63ad6f))
* use dummy instance id to improve performance on refresh token queries ([#1454](#1454)) ([656474e](656474e))

### Bug Fixes

* expose `provider` under `amr` in access token ([#1456](#1456)) ([e9f38e7](e9f38e7))
* improve MFA QR Code resilience so as to support providers like 1Password ([#1455](#1455)) ([6522780](6522780))
* refactor request params to use generics ([#1464](#1464)) ([e1cdf5c](e1cdf5c))
* revert refactor resource owner password grant ([#1466](#1466)) ([fa21244](fa21244))
* update file name so migration to Drop IP Address is applied ([#1447](#1447)) ([f29e89d](f29e89d))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
kangmingtay added a commit to supabase/auth-js that referenced this pull request, Mar 6, 2024:

## What kind of change does this PR introduce?

* supabase/auth#68
* Adds the `signInAnonymously` method to support supabase/auth#1460
* Passing in user metadata / the captcha token in `signInAnonymously` looks like: `signInAnonymously({ options: { data, captchaToken }})` which follows the same format as the other sign up / sign in methods
uxodb pushed a commit to uxodb/auth that referenced this pull request, Nov 13, 2024:

## What kind of change does this PR introduce?

* Implements supabase#68
* An anonymous user is defined as a user that doesn't have an email or phone in the `auth.users` table. This is tracked by using a generated column called `auth.users.is_anonymous`
* When an anonymous user signs in, the JWT payload will contain an `is_anonymous` claim which can be used in RLS policies as mentioned in [Option 3](supabase#68 (comment)).

  ```json
  {
    ...
    "is_anonymous": true
  }
  ```

* Allows anonymous sign-ins if `GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED` is enabled
* Anonymous sign-ins are rate limited on an hourly basis and controlled by `GOTRUE_RATE_LIMIT_ANONYMOUS_USERS`. This is an IP-based rate limit.
* You can also configure silent captcha / turnstile to prevent abuse
* There are 2 ways to upgrade an anonymous user to a permanent user:
  1. Link an email / phone identity to an anonymous user: `PUT /user`
  2. Link an OAuth identity using `GET /user/identities/authorize?provider=xxx`

## Example

```bash
# Sign in as an anonymous user
curl -X POST 'http://localhost:9999/signup' \
  -H 'Content-Type: application/json' \
  -d '{}'

# Upgrade an anonymous user to a permanent user with an email identity
curl -X PUT 'http://localhost:9999/user' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <access_token_of_anonymous_user>' \
  -d '{"email": "user@example.com"}'

# Upgrade an anonymous user to a permanent user with an OAuth identity
curl -X GET 'http://localhost:9999/user/identities/authorize?provider=google' \
  -H 'Authorization: Bearer <access_token_of_anonymous_user>'
```

## Follow-ups

* Cleanup logic for anonymous users will be made in a separate PR
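As an added example, not code from the PR or from supabase/auth: a pair of RLS policies that read the `is_anonymous` claim the description above says is placed in the JWT, so a table can be readable by anonymous sessions but writable only by permanent users. It assumes the Supabase helpers `auth.uid()` and `auth.jwt()` (the caller's claims as jsonb), assumes anonymous sessions run under the `authenticated` Postgres role, and uses a constructed `public.notes` table.

```sql
-- Added example, not code from the PR or from supabase/auth.
-- Assumptions: auth.uid() and auth.jwt() exist (Supabase helpers), and
-- anonymous sessions use the "authenticated" role, so "to authenticated"
-- alone does NOT distinguish them; the claim check below does.

-- Helper: true when the caller's JWT carries "is_anonymous": true.
-- A token without the claim (issued before the feature) is treated as
-- a permanent user; adjust if your deployment needs fail-closed here.
create or replace function public.jwt_is_anonymous() returns boolean
language sql stable as $$
  select coalesce((auth.jwt() ->> 'is_anonymous')::boolean, false)
$$;

-- Constructed table for the example.
create table public.notes (
  id    bigint generated always as identity primary key,
  owner uuid   not null default auth.uid(),
  body  text   not null
);
alter table public.notes enable row level security;

-- Anonymous and permanent users alike may read their own rows.
create policy notes_select_own on public.notes
  for select to authenticated
  using (owner = auth.uid());

-- Only permanent users may insert or update: an anonymous session passes
-- "to authenticated" but is rejected by the claim check.
create policy notes_insert_permanent on public.notes
  for insert to authenticated
  with check (owner = auth.uid() and not public.jwt_is_anonymous());

create policy notes_update_permanent on public.notes
  for update to authenticated
  using (owner = auth.uid() and not public.jwt_is_anonymous())
  with check (owner = auth.uid() and not public.jwt_is_anonymous());
```

After an anonymous user is upgraded through `PUT /user` or the OAuth link flow, the next token issued carries `is_anonymous: false`, so the same policies start admitting writes without any change to the table.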
uxodb pushed a commit to uxodb/auth that referenced this pull request, Nov 13, 2024 (the 2.144.0 release commit):
LashaJini pushed a commit to LashaJini/auth that referenced this pull request, Nov 13, 2024 (the anonymous sign-ins commit):
LashaJini pushed a commit to LashaJini/auth that referenced this pull request, Nov 13, 2024 (the 2.144.0 release commit):
LashaJini pushed a commit to LashaJini/auth that referenced this pull request, Nov 15, 2024 (the anonymous sign-ins commit):
LashaJini pushed a commit to LashaJini/auth that referenced this pull request, Nov 15, 2024 (the 2.144.0 release commit):