So I am currently building a SaaS that features an invitation system. The general workflow is:
- User A signs up
- User A creates an organization as owner
- User A creates an invitation
- User B receives an invitation link
- User B signs up and joins the organization
I want to show some public information about the organization before the user signs up:
User A has invited you to join Organization X (some profile picture, other public information)
Now, naturally, the invitation code is public, and the whole invitations table should not have an RLS policy that prevents accessing the invite before being authenticated. However, I am thinking that it would be more secure to protect access to this table so that only people who have an invite code can access this single row. I am not sure if that is possible in Supabase, and if so, how to do it. In theory it should work by having the invite code act as a token that is checked by the RLS policies, and those policies would deny access to rows with different invite codes.
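One way to build what the question describes, as an added example that is not the poster's own schema or code. Everything here is assumed: the table and column names (`organizations`, `profiles`, `invitations`, `code`, `invitee_email`), that the invite code is a random, high-entropy string, and that pgcrypto is available for `gen_random_bytes` (it is enabled by default on Supabase; qualify it as `extensions.gen_random_bytes` if it is not on your search_path). The first part locks the table down and exposes the public preview through a `SECURITY DEFINER` function that returns only public columns for the one row whose code matches. The second part is the alternative the question sketches: an RLS policy that compares the row's code against a value the client sends with the request, which PostgREST makes available to SQL as `current_setting('request.headers', true)`.

```sql
-- Added example; not the original poster's schema. Table and column names are assumed.
-- Requires pgcrypto for gen_random_bytes (enabled by default on Supabase projects).

create table if not exists public.organizations (
  id         uuid primary key default gen_random_uuid(),
  name       text not null,
  avatar_url text
);

create table if not exists public.profiles (
  id           uuid primary key references auth.users (id) on delete cascade,
  display_name text
);

create table if not exists public.invitations (
  id            uuid primary key default gen_random_uuid(),
  org_id        uuid not null references public.organizations (id) on delete cascade,
  invited_by    uuid not null references auth.users (id),
  invitee_email text not null,                       -- private, never returned to anon
  -- 192 bits of randomness: the code is the credential, so it must be unguessable.
  code          text not null unique default encode(gen_random_bytes(24), 'hex'),
  expires_at    timestamptz not null default now() + interval '7 days',
  accepted_at   timestamptz
);

-- Lock the table down. With RLS enabled and no permissive policy for a role,
-- that role sees zero rows, so anon cannot enumerate invitations at all.
alter table public.invitations enable row level security;

-- Authenticated path: the inviter can see and revoke their own invitations.
create policy "inviter manages own invitations"
  on public.invitations
  for all
  to authenticated
  using (invited_by = auth.uid())
  with check (invited_by = auth.uid());

-- Public path: a SECURITY DEFINER function bypasses RLS on the tables it reads,
-- but only ever returns the public columns of the single row whose code matches.
create or replace function public.invitation_preview(invite_code text)
returns table (
  org_name       text,
  org_avatar_url text,
  inviter_name   text,
  expires_at     timestamptz
)
language sql
stable
security definer
set search_path = public   -- pin search_path for a definer function
as $$
  select o.name,
         o.avatar_url,
         coalesce(p.display_name, 'A member'),
         i.expires_at
  from public.invitations i
  join public.organizations o on o.id = i.org_id
  left join public.profiles p on p.id = i.invited_by
  where i.code = invite_code          -- exact match on the full code, no prefix or LIKE
    and i.accepted_at is null
    and i.expires_at > now();
$$;

-- By default any role may execute a new function; restrict it explicitly.
revoke all on function public.invitation_preview(text) from public;
grant execute on function public.invitation_preview(text) to anon, authenticated;

-- Alternative, if a plain select is preferred over an RPC: PostgREST exposes request
-- headers to SQL as JSON under the `request.headers` setting (header names lowercased),
-- so a policy can compare the row's code against a header the client sends. If the
-- setting is absent the comparison is NULL and no row is returned.
create policy "anon reads the invitation matching the supplied code"
  on public.invitations
  for select
  to anon
  using (
    code = (current_setting('request.headers', true)::json ->> 'x-invite-code')
    and accepted_at is null
    and expires_at > now()
  );

-- With that policy the matching row is visible to anon, so also restrict which
-- columns anon may read; otherwise the private invitee_email would be returned.
revoke select on public.invitations from anon;
grant select (id, org_id, expires_at) on public.invitations to anon;
```

With the function approach the client calls `supabase.rpc('invitation_preview', { invite_code: code })` and never touches the table; the organization's row also stays private, since the join happens inside the definer function. With the header approach the client must send the `x-invite-code` header (for example through the `global.headers` option of `createClient` in supabase-js) and select the granted columns explicitly, because `select *` fails once column-level privileges are in place; it would also need a separate policy to read the organization's public fields. In both cases the code should be compared with the full random value only, never looked up by prefix, and the preview endpoint is a natural place for rate limiting since the code is the only credential.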