Login through third parties including Google, Github etc has been an essential requirement for most web applications. The underlying of this process is oauth authentication. The following diagram from Google shows the process of oauth authentication.


As you can see, it is a bi-directional communication between the app and the oauth server. The app needs to handle the callback. This is usually done by a backend server. However, you don’t have to have a dedicated backend server for this if what you want is just to get the user’s information from the third party. There are several cloud services that can help you with this. Among them, Firebase is the most popular one, while supabase is a new comer. They both provide a backend service that can handle the callback and the database to store the user’s information while you can interact with them through their APIs. I have used both and would like to discuss in this post the pros and cons of these two services.

Firebase vs Supabase in a nutshell

Firebase Supabase
Database Firestore-NoSql Postgres
SDK C#, Go, Java, Node.js, PHP, Python, and Ruby Official(JS, flutter), Community(C#, Python, swift, kotlin)
Real-time updates real-time updates to web and moble Realtime built upon postgres feature
Social Auth Limited choices More choices
Open source Not open Open sourced and you can deploy by yourself though it’s not trivial

Why supabase

People who will use supabase are probably those who are familiar with postgres and want to use it extensively on all their backend services including authentication.

Another advantage for supabase is it’s open sourced and has offered official or community support for integration with nextjs, Remix, and ReactNative. If you are working with these frameworks you can try starting with their boilerplates and potentially save some time.

Why firebase

The reason for firebase is probably that it’s backed by google. I know it doesn’t sound cool if you are a fan of open source. However, it does have a lot of advantages by tapping into google’s ecosystem and cloud infrastructure.e.g. you can easily integrate with google analytics cloud messaging, and google cloud functions.

If you are developing a chrome extension app, firebase might also be a good choice, especially after the release of manifest v3. One of the limitations is that you can’t load remote scripts. This means you can’t use popup window which would call oauth provider(like Github) to authenticate the user. However you can still use the chrome.identity API to call up google’s authentication window(because it’s a google product). Guess who works best with chrome’s APIs?

What’s more

Actually there are quite a few solutions dedicated for oauth authentication, among them Auth0 has been there for a long time. kinde is a new comer and gaining more attention. I would be interested for these platforms who allow full control of the user’s data. As for now, firebase or supabase have been sufficient for my needs.