Difficulty with Supabase authentication.

Report More Criticism to Plasmic Support


Context & Frustrations

We have spent many hours building a workaround: “Plasmic button → triggers REST API call → Next.js API → Supabase Authentication.” Despite our best efforts, we have not succeeded, and this workaround feels like a major misuse of development time.

We expected Plasmic to provide a more seamless, secure, and straightforward Supabase integration, especially for authentication — but what we found has been deeply limiting, fragile, and insecure.


Key Issues & Limitations

1. Severe Limitation of Supabase Storage Integration

  • The Plasmic integration with Supabase Storage is astonishingly limited: it only allows “upload file” and “get URL”.

  • There is no ability to run any meaningful Supabase client logic (such as user auth, table insert/update, or any other data operations).

  • This makes the storage integration nearly useless for building real SaaS functionality in Plasmic, because authentication and data writing are core needs.

  • In contrast, tools like FlutterFlow let you perform authentication (login, signup, reset password) directly via their Supabase integration UI — this is far more powerful and flexible.

2. Dangerously Insecure Database Integration

  • Plasmic’s “Database” integration with Supabase opens direct database access from the client-side. This means:

    • Anyone using the app could potentially write to or modify tables, if not carefully secured.

    • You have no built-in mediation or secure API layer in Plasmic — Plasmic itself is making queries to your Supabase DB.

  • In a production SaaS scenario, this is unacceptable, because business logic and security are completely offloaded to the client.

  • We are deeply concerned about data integrity, RLS (Row Level Security) misuse, and exposing the database schema or sensitive operations to users.

3. No Built-in Supabase Authentication Support

  • Plasmic does not provide a native, out-of-the-box Supabase Auth integration (signup, login, logout, reset password, update email).

  • We are forced to implement a manual and fragile flow, building API routes in Next.js, writing client modules, and wiring Plasmic buttons. This is far more work than expected — especially considering that other tools (like FlutterFlow) do this in a few clicks.

  • The lack of first-class auth support increases development time, introduces security risk, and makes the Plasmic experience feel underpowered for real applications.


The Impact of These Limitations

  • We have wasted developer hours trying to build a workaround for authentication that should be native.

  • The architecture we have to build is more complex, brittle, and risky than we initially planned.

  • We are forced to expose or implement sensitive logic ourselves (auth, session management), while we expected Plasmic to give us that “out of the box” for Supabase.

  • Our confidence in Plasmic as a production-grade tool for building SaaS is shaken: if we must do all this ourselves, what is the real advantage compared to a more integrated platform?


What We Are Asking Plasmic to Do

  1. Support Supabase Authentication as a first-class integration
    We strongly request that Plasmic supports signup, login, logout, password reset, and update email directly via a native Supabase Auth integration (not just DB).

  2. Expand Storage Integration Capabilities
    The storage integration should expose actual client logic (not just “upload” and “get URL”), such as running Supabase JS client methods, performing authenticated file operations, and possibly triggering other Supabase actions.

  3. Provide a Secure, Recommended Pattern for Production Use
    Plasmic should document and/or provide best practices for:

    • Securely connecting Plasmic to Supabase using service-side logic (API routes or server modules)

    • How to structure environment variables, clients, and security layers

    • Sample projects or templates that show secure auth workflows

  4. Advise on Our Current Approach
    Given our current setup — Next.js API routes, Plasmic buttons calling those APIs, and Supabase client modules — what is Plasmic’s recommended workflow? Is there a more official or supported way to do what we’re trying to achieve?


Why This Is Critical

  • Without better support, building a secure, production-ready app on Plasmic + Supabase becomes a fragile, high-risk exercise.

  • Plugins or integrations that are “good enough for demos” are not enough for real users.

  • We believe Plasmic has the potential to be a very powerful tool for serious SaaS builders — but only if these architectural gaps are addressed.


Please let us know:

  • Is there a roadmap for a native Supabase Auth Action + Data integration?

  • Do you agree that the storage integration is too limited, and are you planning to expand it?

  • Can you provide a secure example or template for Supabase + Plasmic production apps?

Thank you for your support and feedback.
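The flow described in this post (Plasmic button → REST call → Next.js API route → Supabase Auth), sketched as an added example; it is not code from the original post, from Plasmic, or from Supabase. It calls Supabase Auth's password-grant endpoint from the server and keeps tokens out of page scripts. The environment variable names, cookie names, the 7-day refresh cookie lifetime and all function names are assumptions.

```javascript
// Added example: server-side login step of the API route.
// SUPABASE_URL / SUPABASE_ANON_KEY and the sb_* cookie names are assumed names.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Reject malformed input before it reaches the auth service.
function validateCredentials(body) {
  const email = typeof body?.email === "string" ? body.email.trim() : "";
  const password = typeof body?.password === "string" ? body.password : "";
  if (!EMAIL_RE.test(email) || email.length > 254) return { ok: false, error: "invalid email" };
  if (password.length < 8 || password.length > 128) return { ok: false, error: "invalid password" };
  return { ok: true, email, password };
}

// Tokens go into HttpOnly cookies so client-side code cannot read them.
function sessionCookies(session) {
  const flags = "Path=/; HttpOnly; Secure; SameSite=Lax";
  return [
    `sb_access=${session.access_token}; Max-Age=${session.expires_in}; ${flags}`,
    `sb_refresh=${session.refresh_token}; Max-Age=604800; ${flags}`,
  ];
}

// Core of the route; env and fetchImpl are injected so the logic runs offline.
async function handleLogin(body, env, fetchImpl = fetch) {
  const creds = validateCredentials(body);
  if (!creds.ok) return { status: 400, cookies: [], json: { error: creds.error } };
  const res = await fetchImpl(`${env.SUPABASE_URL}/auth/v1/token?grant_type=password`, {
    method: "POST",
    headers: { apikey: env.SUPABASE_ANON_KEY, "Content-Type": "application/json" },
    body: JSON.stringify({ email: creds.email, password: creds.password }),
  });
  // One generic message for every auth failure avoids account enumeration.
  if (!res.ok) return { status: 401, cookies: [], json: { error: "invalid credentials" } };
  const session = await res.json();
  // The response body carries the user id only; tokens travel in cookies.
  return { status: 200, cookies: sessionCookies(session), json: { userId: session.user.id } };
}
```

In a Next.js API route, the returned object maps onto `res.setHeader("Set-Cookie", out.cookies)` and `res.status(out.status).json(out.json)`. Because the session uses the signed-in user's own token rather than a service key, Row Level Security policies still apply to later queries made with it.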

So we were here a while ago and are able to use Supabase Auth and do CRUD operations via Plasmic studio. There was a repo flying around that bypassed the Custom Auth (seen below). If you search the forum you might be able to find it or you could ask the AI inside studio for the library - which it might help you find.

This might be helpful:


You can find the AI here. It is called Chat docs. It is the second icon from the bottom.

@carlos_eduardo hi! Thanks for the feedback, it’s quite valuable.

  • Is there a roadmap for a native Supabase Auth Action + Data integration?

There is, it’s on our list of priorities, and we will be pushing this as soon as we roll out full RSC support. We already support server functions and partial support for server components, so it should happen relatively soon.

  • Do you agree that the storage integration is too limited, and are you planning to expand it?

Yeah, for sure. We plan to re-work all of the parts of the Supabase integration, including storage, auth, and CRUD operations with the tables.

  • Can you provide a secure example or template for Supabase + Plasmic production apps?

Yes - you can find it here. You can configure the server on Vercel with one click.

Alternatively, you can set it up manually using this tutorial. Link to the GitHub and example project can also be found there. I’m currently updating the project due to some recent changes - therefore, some interactions (on buttons, text elements) might be missing in the example Studio project, but they should be there by the end of this week.

I need to be completely honest and transparent here. Plasmic is an amazing platform for UI development. Unlike Figma, Plasmic allows us to generate production-ready React code with real, usable components that plug directly into a live application. That is an extremely powerful promise, especially for teams building serious applications without a full traditional coding pipeline.

However, the backend situation is dramatically behind the frontend experience.

Native authentication under Configure App Authentication is extremely limited and not viable for any production-level application. It simply doesn’t offer what modern apps actually need.

The native CMS integration, while convenient, is also not secure and is not recommended by any professional developer I have consulted. Everyone understands that something like Supabase (or any backend with proper auth, permissions, secure RLS, tokens, and deployment workflows) is required for serious real-world software.

Supabase is one of the most widely adopted backend platforms today, especially for app builders. Yet Plasmic currently has:

  • No native authentication actions for Supabase

  • No straightforward way to integrate secure login, signup, logout, or password reset

  • A Storage integration that is extremely limited — only upload and fetch URL

  • A Database integration that is powerful but dangerously insecure for client-side use

  • No official example template showing safe, production-grade Supabase + Plasmic usage

Because of these gaps, I had to spend many weeks trying to assemble a workaround such as:

Plasmic button → HTTP request or custom code → API route → server → Supabase authentication

Even after investing countless hours, the setup is still unstable, inconsistent, and far more complex than it should be. No other visual development platform demands this much manual effort for something as basic as user authentication.

If I compare this to FlutterFlow, for example, Supabase Auth is native, built-in, secure, and available as simple dropdown actions:

  • Create account

  • Login

  • Logout

  • Reset password

  • Update email

All without custom endpoints or workarounds.

Plasmic launched in 2021. By now, something as fundamental as secure backend integration should be first-class—especially given that Plasmic markets itself as a true app-building tool, not just a UI prototyping tool.

I’m not just speaking for myself. This is critical for every serious Plasmic user who wants to go beyond static sites. Without proper backend workflows, the product loses an enormous part of its real-world potential.

So I need a very direct answer:

When will Plasmic have fully implemented, production-ready, official support for:

  • Supabase authentication actions (signup, login, logout, reset password, etc.)

  • Secure Supabase integration supporting RLS

  • Expanded Storage and Database integration beyond the current limitations

  • A recommended “official architecture” for Supabase + Plasmic production apps

Is there any expected date to finish this rework?

I have invested months building a major front-end on Plasmic because I believed in the platform. Now I am blocked, and I need a concrete timeline or roadmap for when these essential features will be available — not only for me, but for the entire Plasmic community that needs this functionality to build serious products.


Have you checked out the Vercel template I sent above?
It provides all of the functionality that you request out of the box; you just need to set your project ID in the plasmic-init file.
This template contains code components for auth, storage and secure database CRUD operations, which will all be available in the Studio UI as soon as you connect the app host to your project.