Supabase vs. A Comprehensive Comparison for User Authentication in Web Development

Dive into the Supabase vs debate. Uncover insights about their performance, custom tokens, user impersonation, cost dynamics, and more. Which tool will reign supreme for you?

Supabase vs. A Comprehensive Comparison for User Authentication in Web Development
Supabase vs. A Comprehensive Comparison for User Authenatication in Web Development

When it comes to web development, the tools we choose can make or break our projects. They not only shape our workflow but also impact the final products we deliver to our users. For the longest time, Supabase was my go-to choice. Its robustness and versatility made it a reliable partner in my journey as a web developer. But as they say, change is the only constant. As I continued exploring, I stumbled upon another promising contender:

If you're a fellow developer who's ever grappled with the decision to switch tools, or if you're simply curious about, this post is for you. Whether you're considering a similar switch, or if you're just starting out in web development and are evaluating your options, I hope my experience will provide valuable insights to guide your decisions. Let's dive in.

The Supabase Advantage

Firstly, I want to champion Supabase as an exceptional choice for all. As a satisfied user for an extended period, I can confidently recommend it to anyone seeking a robust, comprehensive backend service. Let's delve into why Supabase has been my preferred choice.

Ease of implementation

Supabase released auth-helpers to make authentication and authorization quite easy to implement.

GitHub - supabase/auth-helpers: A collection of framework specific Auth utilities for working with Supabase.
A collection of framework specific Auth utilities for working with Supabase. - GitHub - supabase/auth-helpers: A collection of framework specific Auth utilities for working with Supabase.

Easy to implement Supabase Auth Helpers

Big thanks to Jon from Supabase who keeps on producing excellent content on very "edge" (no pun intended) topics, such as server actions, auth middleware etc.

Row Level Secruity

Supabase also introduced me to the idea of row level security, the idea of creating a policy for every table that automatically adds a WHERE clause to every query to check for example for the user_id .

When you need granular authorization rules, nothing beats PostgreSQL's Row Level Security (RLS).

When using supabase-js or any postgres function auth becomes super simply and it just works out of the box.

Amazing User Dashboard with all Core Features

Finally, I really liked the auth management dashboard, where you can do the most important tasks, such as:

  • Invite a new user via email
  • Manually create a new user
  • Send Password recovery
Supabase Auth Dashboard

All in all Supabase has done a fantastic job when it comes to auth and it has been my go to choice.

Top 6 Reasons to Switch to

So, what provoked the switch to for authentication, especially when Supabase had already proven to be such a stellar product? The answer lies in's specific focus and proficiency in delivering a slightly more robust authentication solution. It has managed to incorporate some truly innovative features, which are not only challenging to construct independently but also rare to find in other products.

Based on personal experience, I've noticed that the login and authentication processes tend to take somewhat longer with Supabase. Even simply accessing the Supabase dashboard or project seems to involve a more extended loading time than one might typically expect.

Supabase also allows you to create an Auth Middleware client and also recently launched the PKCE flow. has meticulously curated a page that demonstrates the integration of their edge middleware with Next.js. With this setup, I've experienced remarkably rapid response times, enhancing the overall user experience.

Showcasing Edge Middleware with Supabase

JWT Templates and Custom Session Tokens

Most often you want to share your user data with other services such as (feature requests) or With JWT templates you can tailor each template to the data requirements of the provider, and get a signed token with a one liner and pass it to the provider. Check out this detailed step-by-step tweet of chronark_ on how to implement Plain seamlessly with the JWT Teamplate:

Picture and tweet by chronark_ showcasing plain JWT templates

An added convenience is the ability to select the information to display in my session token. This proves particularly useful for routing purposes - for instance, when a username is part of the route. Rather than continuously querying a specific field or table from the user, I can manually add this claim and gain immediate access, which is a significant time saver.

Customisation of session token.

User Impersonation