0
0
Supabasecloud~10 mins

OAuth providers (Google, GitHub) in Supabase - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - OAuth providers (Google, GitHub)
User clicks Login
Redirect to OAuth Provider
User authenticates on Provider
Provider sends Auth Code
App exchanges Code for Token
User logged in with Token
User starts login, is sent to Google or GitHub to authenticate, then returns with a token to log in.
Execution Sample
Supabase
supabase.auth.signInWithOAuth({ provider: 'google' })
Starts OAuth login flow with Google provider.
Process Table
StepActionState ChangeResult
1User clicks login buttonNo state change yetRedirect to Google OAuth page
2User enters Google credentialsGoogle verifies userGoogle sends auth code to app
3App receives auth codeApp exchanges code for access tokenAccess token received
4App uses token to get user infoUser session created in appUser logged in
5User accesses app featuresSession activeAccess granted
💡
Status Tracker
VariableStartAfter Step 2After Step 3After Step 4Final
authCodenullreceived from providerused for token exchangenull (exchanged)null
accessTokennullnullreceived from providerused to get user infovalid token
userSessionnullnullnullcreatedactive
Key Moments - 3 Insights
Why does the app redirect the user to Google or GitHub instead of asking for credentials directly?
The app redirects to the OAuth provider to keep user credentials safe and let the provider handle authentication, as shown in step 1 and 2 of the execution table.
What happens to the auth code after the app exchanges it for an access token?
The auth code is used once to get the access token and then discarded, as seen in variable 'authCode' becoming null after step 3.
How does the app know the user is logged in?
After receiving the access token and user info, the app creates a user session, shown in step 4 and tracked by 'userSession' variable.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what happens at step 3?
AUser enters credentials on provider page
BUser session is created
CApp exchanges auth code for access token
DUser clicks login button
💡 Hint
Check the 'Action' and 'Result' columns for step 3 in the execution table
According to variable_tracker, when does 'userSession' become active?
AAfter Step 4
BAfter Step 3
CAfter Step 2
DAt Start
💡 Hint
Look at the 'userSession' row and see when it changes from null to active
If the auth code was never received, what would happen in the flow?
AUser would be logged in immediately
BApp would not get access token and login would fail
CUser session would be created without token
DApp would skip OAuth and use password login
💡 Hint
Refer to the importance of authCode in variable_tracker and step 3 in execution_table
Concept Snapshot
OAuth login flow:
1. User clicks login
2. Redirect to provider (Google/GitHub)
3. User authenticates
4. Provider sends auth code
5. App exchanges code for token
6. User session created
Keep credentials safe by using provider's login page.
Full Transcript
This visual execution shows how OAuth providers like Google and GitHub work with Supabase. The user clicks login, then is redirected to the provider's page to enter credentials. The provider sends an authorization code back to the app. The app exchanges this code for an access token. Using the token, the app creates a user session and logs the user in. Variables like authCode, accessToken, and userSession change state step-by-step. Key moments include why redirection is needed, what happens to the auth code, and how the app knows the user is logged in. The quiz tests understanding of these steps and variable changes.