LaunchPad

Authentication

Multi-provider authentication with Supabase Auth — GitHub, Google, and email/password.

Overview

LaunchPad uses Supabase Auth for authentication with three providers: GitHub OAuth, Google OAuth, and email/password.

Providers

GitHub OAuth

  • Why: Primary target audience is developers — GitHub is the natural first choice
  • Flow: User clicks "Sign in with GitHub" → redirected to GitHub → authorizes → Supabase creates/logs in the user
  • Setup:
    1. Create a GitHub OAuth App at github.com/settings/developers
    2. Set callback URL: https://<supabase-ref>.supabase.co/auth/v1/callback
    3. Copy Client ID + Client Secret
    4. In Supabase Dashboard → Authentication → Providers → Enable GitHub, paste credentials

Google OAuth

  • Why: GitHub-only limits the audience to developers. Google covers 95%+ of users
  • Flow: Same as GitHub — OAuth redirect to Google, token back to Supabase
  • Setup:
    1. Go to Google Cloud Console
    2. Create OAuth 2.0 Client ID (Web application type)
    3. Add authorized redirect URI: https://<supabase-ref>.supabase.co/auth/v1/callback
    4. In Supabase Dashboard → Authentication → Providers → Enable Google, paste credentials

Email/Password

  • Why: Fallback for users without GitHub/Google accounts
  • Flow: Supabase handles this natively — user signs up with email, gets confirmation email, then can log in
  • Setup: Enabled by default in Supabase, no external credentials needed

Auth Flow

User clicks "Sign in with [Provider]"
  → Redirect to provider's OAuth page
  → User authorizes
  → Provider redirects to Supabase callback: /auth/v1/callback
  → Supabase creates session + user record
  → Supabase redirects to app: /auth/callback
  → App exchanges code for session
  → Redirect to /dashboard

Middleware

  • File: src/middleware.ts + src/lib/supabase/middleware.ts
  • All routes except /login, /signup, /auth/* require authentication
  • Unauthenticated users are redirected to /login
  • Session is refreshed on every request via Supabase middleware

Profile Creation

On first login, a database trigger creates a row in the profiles table:

  • id — matches the Supabase auth user ID
  • username, full_name, avatar_url — populated from the OAuth provider
  • ai_provider, ai_api_key — for BYOK AI settings

Security

  • Row Level Security (RLS) on all tables
  • Users can only access their own data
  • API keys stored in profiles, accessible only by the owning user via get_my_ai_settings() security definer function
  • Supabase handles password hashing, token rotation, and session management
Edit on GitHub

Mobile Responsive Board

Tab-based single column navigation for mobile devices.

API Reference

All API routes, database queries, and Supabase functions used by LaunchPad.

On this page

OverviewProvidersGitHub OAuthGoogle OAuthEmail/PasswordAuth FlowMiddlewareProfile CreationSecurity