Supabase Auth with Ghost Theme

We want to make Supabase Auth our central (and only) auth system for our Ghost Members, using a theme hosted on Ghost(Pro). The only part that we currently don’t know is whether it is possible to programmatically create the member session cookies without going the usual magic link/OTP route from Ghost auth.

After a Ghost member logs in via Supabase Auth, we need to self-sign the session cookies and deliver them to the client. We have read about some hacky solutions, but only when Ghost is self-hosted.

Has anyone had such a requirement and implementation?

I haven’t done it with Supabase, but I’ve done it with other providers. You’ll want some back-end (NOT client side) process to use Ghost’s Admin API key with the members/signin_urls endpoint to get a link, that you then redirect the user’s browser to, getting them logged into Ghost.

(Yes, doable on Ghost Pro, but you’re likely to need a little bit of cloud function ‘glue’ between Supabase and Ghost to securely hold your Admin API key, confirm that the user is good with Supabase Auth (validate their JWT?), and then talk to Ghost to get the url for redirection.)

Thank you @Cathy_Sarisky

A cloud function/back-end that uses the Admin API key is fine and we already plan to do that. You mention the members/signin_urls endpoint, but I can’t find it in the Ghost docs. What would the URL for redirection look like - is it the same as a magic link with token?

I recommend watching the API calls when you generate an impersonation link for a member. It’s that endpoint, and that link.

Big tip: Ghost “talks to itself”, so watching the network calls with dev tools while doing the desired action is a great way to figure out undocumented endpoints.

2 Likes
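
The back-end glue described in the replies above, sketched as an added example (not code from the thread or from Ghost): it verifies the Supabase token server-side, then builds an authenticated Admin API request for the member's sign-in URL. Assumptions: the Supabase project signs access tokens with HS256 and its JWT secret, the exact `signin_urls` path (confirm it from the network calls as suggested above), and all function names, keys and sample values, which are hypothetical.

```javascript
// Added example: function names, keys and sample values are constructed placeholders.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto'); // CJS or ESM

const b64u = (x) => Buffer.from(x).toString('base64url');
const hs256 = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Sign a compact HS256 JWT (used here for the Ghost Admin API token).
function signJwt(header, payload, key) {
  const body = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  return `${body}.${hs256(key, body).toString('base64url')}`;
}

// Verify the Supabase access token on the server. Assumes HS256 with the
// project's JWT secret. Returns the claims or throws.
function verifySupabaseJwt(token, jwtSecret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // pin the algorithm
  const expected = hs256(jwtSecret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error('bad signature');
  // Claims are parsed only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.aud !== 'authenticated' || !claims.email) throw new Error('not a signed-in user');
  return claims;
}

// Ghost Admin API token: the key is "<id>:<hex secret>"; short-lived, aud "/admin/".
function ghostAdminToken(adminKey, now = Math.floor(Date.now() / 1000)) {
  const [id, secret] = adminKey.split(':');
  return signJwt({ alg: 'HS256', typ: 'JWT', kid: id },
    { iat: now, exp: now + 300, aud: '/admin/' }, Buffer.from(secret, 'hex'));
}

// Build the Admin API request for a member's sign-in URL. The path is an
// assumption to confirm against what Ghost Admin calls for "impersonate".
function signinUrlRequest(ghostUrl, memberId, adminKey, now) {
  return {
    url: `${ghostUrl}/ghost/api/admin/members/${encodeURIComponent(memberId)}/signin_urls/`,
    headers: { Authorization: `Ghost ${ghostAdminToken(adminKey, now)}` },
  };
}
```

In a cloud function, the handler would call `verifySupabaseJwt` first, map the verified `email` claim to a Ghost member id, send the request from `signinUrlRequest`, and redirect the browser to the returned link. The Admin API key stays in the function's secret store and never reaches the theme or client.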