
How is authentication/authorization handled with this stack? Or sign up with email validation and password reset?


It's a little bit involved but doable.

https://postgrest.org/en/stable/references/auth.html


So where is the secret key stored for signing the JWT? In the front end as well?

Edit: Oh I found it here: https://postgrest.org/en/stable/how-tos/sql-user-management....

That’s a pretty neat design. Also an interesting attack surface.


RDBMS auth and roles are a thing. They even support mTLS.



