insforge-integrations
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseInsForge Integrations
InsForge 集成
This skill covers integrating third-party authentication providers with InsForge. Each provider has its own guide under this directory.
本skill介绍如何将第三方身份认证提供商与InsForge进行集成。本目录下为每个提供商单独提供了对应的指南。
Supported Providers
支持的提供商
| Provider | Guide | When to use |
|---|---|---|
| Clerk | Clerk JWT Templates + InsForge RLS | Clerk signs tokens directly via JWT Template — no server-side signing needed |
| Auth0 | Auth0 Actions + InsForge RLS | Auth0 uses a post-login Action to embed claims into the access token |
| WorkOS | WorkOS AuthKit + InsForge RLS | WorkOS AuthKit middleware + server-side JWT signing with |
| Kinde | Kinde + InsForge RLS | Kinde token customization for InsForge integration |
| Stytch | Stytch + InsForge RLS | Stytch session tokens for InsForge integration |
| 提供商 | 指南内容 | 适用场景 |
|---|---|---|
| Clerk | Clerk JWT 模板 + InsForge RLS | Clerk通过JWT模板直接签发令牌,无需服务端签名 |
| Auth0 | Auth0 Actions + InsForge RLS | Auth0使用登录后Action将声明嵌入访问令牌 |
| WorkOS | WorkOS AuthKit + InsForge RLS | WorkOS AuthKit中间件 + 基于 |
| Kinde | Kinde + InsForge RLS | 针对InsForge集成的Kinde令牌自定义配置 |
| Stytch | Stytch + InsForge RLS | 用于InsForge集成的Stytch会话令牌 |
Common Pattern
通用模式
All integrations follow the same core pattern:
- Auth provider signs or issues a JWT containing the user's ID
- JWT is passed to InsForge via in
edgeFunctionTokencreateClient() - InsForge extracts claims via in SQL
request.jwt.claims - RLS policies use a function to enforce row-level security
requesting_user_id()
所有集成都遵循相同的核心流程:
- 认证提供商签发包含用户ID的JWT
- 通过中的
createClient()参数将JWT传递给InsForgeedgeFunctionToken - InsForge通过SQL中的提取声明信息
request.jwt.claims - RLS策略使用函数强制执行行级安全规则
requesting_user_id()
Choosing a Provider
如何选择提供商
- Clerk — Simplest setup; JWT Template handles signing, no server code needed
- Auth0 — Flexible; uses post-login Actions for claim injection
- WorkOS — Enterprise-focused; AuthKit middleware + server-side JWT signing
- Kinde — Developer-friendly; built-in token customization
- Stytch — API-first; session-based token flow
- Clerk — 配置最简单,JWT模板负责签名,无需编写服务端代码
- Auth0 — 灵活性高,使用登录后Action注入声明
- WorkOS — 面向企业级场景,提供AuthKit中间件+服务端JWT签名能力
- Kinde — 对开发者友好,内置令牌自定义功能
- Stytch — API优先,采用基于会话的令牌流
Setup
配置步骤
- Identify which auth provider the project uses
- Read the corresponding reference guide from the table above
- Follow the provider-specific setup steps
- 确认项目使用的身份认证提供商
- 阅读上表中对应的参考指南
- 遵循对应提供商的专属配置步骤操作
Usage Examples
使用示例
Each provider guide includes full code examples for:
- Auth provider dashboard configuration
- InsForge client utility with
edgeFunctionToken - SQL function and RLS policies
requesting_user_id() - Environment variable setup
Refer to the specific file for complete examples.
references/<provider>.md每个提供商的指南都包含完整的代码示例,覆盖以下场景:
- 认证提供商控制台配置
- 携带的InsForge客户端工具
edgeFunctionToken - SQL函数与RLS策略
requesting_user_id() - 环境变量配置
请查看对应文件获取完整示例。
references/<provider>.mdBest Practices
最佳实践
- All provider user IDs are strings (not UUIDs) — always use columns for
TEXTuser_id - Use instead of
requesting_user_id()for RLS policiesauth.uid() - Set as an async function (Clerk) or server-signed JWT (Auth0, WorkOS, Kinde, Stytch)
edgeFunctionToken - Always get the JWT secret via
npx @insforge/cli secrets get JWT_SECRET
- 所有提供商的用户ID均为字符串类型(不是UUID)—— 请始终使用
user_id类型字段TEXT - RLS策略请使用而非
requesting_user_id()auth.uid() - 将设置为异步函数(Clerk场景)或服务端签名的JWT(Auth0、WorkOS、Kinde、Stytch场景)
edgeFunctionToken - 始终通过命令获取JWT密钥
npx @insforge/cli secrets get JWT_SECRET
Common Mistakes
常见问题
| Mistake | Solution |
|---|---|
Using | Use |
Using UUID columns for | Use |
| Hardcoding the JWT secret | Always retrieve via |
Missing | Must be created before RLS policies will work |
| 错误操作 | 解决方案 |
|---|---|
RLS中使用 | 使用 |
| 使用 |
| 硬编码JWT密钥 | 始终通过 |
未创建 | 必须先创建该函数,RLS策略才能正常工作 |