[pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-27 Thread Scott Lawton
I've used Pyramid for various small projects over the years. Thanks much to the devs and community for such a great framework. For a future project, would like to support login via Google, Github, etc. Supabase (a Postgres-based platform) looks like a solid approach -- but I'm not sure the best

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-28 Thread Scott Lawton
> access/refresh tokens in a cookie instead of inside the session ? > > > https://github.com/MakeDeeply/pyramid_supabase_auth_dev/blob/main/pyramid_supabase_auth/auth.py#L59C17-L60C76 > > > On 27/11/2023 at 20:52, Scott Lawton wrote: > > I've used Pyramid for various

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-28 Thread Scott Lawton
Some followup: - https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html has a big section in red: 'By default the SignedCookieSessionFactory() implementa

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Scott Lawton
Thanks so much! > For this type of data, at a minimum, calls to request.response.set_cookie should contain `httponly=True` and `secure=True`; the app should also be under https only. If I understand how your system uses these credentials correctly, `samesite=strict` should also be added. Makes

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Scott Lawton
Thanks for the link and the 'second' that it's still a practical solution; I was a bit hesitant given that it's 10 years old: 0.8 (2013-06-28). Looks like there are enough docs available for us to proceed. Still, if anyone knows of a sample app that includes that + oauth, would be great to see.