Bypassing PlasmicAuth for custom auth

foxy_grouse · September 13, 2023, 10:13pm

I have a few questions about auth:

• If I use custom authorization (in my case, use supabase auth / row-level security), do I still need to create a plasmic user? The API docs for the PlasmicRootProvider don’t show the user or userAuthToken props, but I see them here: https://github.com/plasmicapp/plasmic/blob/master/examples/supabase-auth-nextjs-pages-codegen/pages/ssr.tsx#L34C45-L34C58
• My issue with creating a plasmic user and mapping to a simple “role” is that users can be in multiple teams and have different permissions in each team. I see that I can use Role in “Page Data” and then dynamic values for component visibility, is that the best practice in that case?
• In general… I am thinking I just want bypass the plasmic auth, but I want to make sure I am not missing anything really critical there?

chungwu · September 14, 2023, 6:19pm

You shouldn’t need to create Plasmic users if you are using custom auth. @fmota can help you sort it out

fmota · September 14, 2023, 8:01pm

Hi Addison
• You don’t need to create a plasmic user to use custom auth, the set of permissions that you define in the permissions tab are independent of plasmic auth a bit more about it is explained in https://docs.plasmic.app/learn/auth/#permissions. The PlasmicRootProvider still requires the user / userAuthToken so that plasmic is able to handle the visibility of pages or parts of the page based on the current user, also handling data source operations that you chose to protect within plasmic.
• Yes in case you want to block a page or hide a page section based on the role level that is the expected best practice