Does Supabase Work With Lucia?
Yes, Supabase and Lucia work excellently together—use Supabase's PostgreSQL for user storage and Lucia for lightweight, framework-agnostic session management.
Quick Facts
How Supabase Works With Lucia
Supabase provides a managed PostgreSQL database with built-in auth helpers, while Lucia offers a minimal session management layer that works with any backend. The combination leverages Supabase's database reliability and auth infrastructure alongside Lucia's simplicity and flexibility. You store user data in Supabase's auth schema or custom user tables, then use Lucia to manage sessions—either cookie-based or token-based—without being locked into Supabase's opinionated session model. This is particularly powerful because Lucia integrates seamlessly with frameworks like SvelteKit, Astro, and Next.js, letting you build full-stack apps that aren't constrained by a single auth provider. The PostgreSQL foundation means you can extend user data with custom tables and relationships while keeping auth logic clean and testable.
Best Use Cases
Quick Setup: Lucia Session with Supabase PostgreSQL
npm install lucia @supabase/supabase-js @node-rs/argon2import { Lucia } from 'lucia';
import { PostgresAdapter } from 'lucia/adapters/postgresql';
import { createClient } from '@supabase/supabase-js';
const supabase = createClient(process.env.SUPABASE_URL, process.env.SUPABASE_ANON_KEY);
const db = supabase.connection; // or use native pg client
const adapter = new PostgresAdapter(db, {
user: 'auth_users',
session: 'auth_sessions'
});
export const lucia = new Lucia(adapter, {
sessionCookie: {
attributes: {
secure: process.env.NODE_ENV === 'production',
httpOnly: true,
sameSite: 'lax'
}
}
});
// In your login route:
import { hash, verify } from '@node-rs/argon2';
const user = await db.query('SELECT * FROM auth_users WHERE email = $1', [email]);
const validPassword = await verify(user.password_hash, password);
if (validPassword) {
const session = await lucia.createSession(user.id, {});
// Set session cookie in response
}Known Issues & Gotchas
Lucia doesn't provide password hashing out of the box; you must choose and integrate Argon2 or similar yourself
Fix: Install a hashing library like `@node-rs/argon2` or `bcrypt` and implement password verification in your auth routes
Supabase's built-in auth service (Gotrue) conflicts conceptually with Lucia sessions if both are used simultaneously
Fix: Pick one: use Supabase auth OR Lucia sessions. If using Supabase auth, skip Lucia and use their session tokens directly
Session storage in cookies requires secure HTTPS in production; development with localhost HTTP works but needs `sameSite: 'Lax'` adjustments
Fix: Use environment-based cookie settings; test with `NODE_ENV` to toggle security attributes during development
Alternatives
- •Next-Auth.js + Supabase: Opinionated but includes built-in OAuth providers and database adapters
- •Supabase Auth (Gotrue) alone: No additional layer needed, but less flexible for custom session logic
- •Auth0 + Lucia: Enterprise auth service with Lucia for lightweight session handling in smaller deployments
Resources
Related Compatibility Guides
Explore more compatibility guides