BandLab Auth Demo

BandLab + Supabase Auth Demo

Minimal example showing how to authenticate with BandLab via WorkOS brokered through Supabase Auth, enrich the session with BandLab public user data, and leverage RLS-ready Supabase sessions.

Flow

Supabase Auth (provider=WorkOS) → WorkOS → BandLab OIDC → WorkOS verifies & returns → Supabase mints session JWT → RLS with auth.uid().

Session Data

Access user.user_metadata.bandlab_id (orsub) inside server & client components via Supabase; no manual JWT decoding required.

Supabase

Use the Supabase session for RLS policies. Example policy: create policy User rows on profiles for select using (auth.uid() = id).

Raw Supabase Session

null