insforge-integrations

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

InsForge Integrations

InsForge 集成

This skill covers integrating third-party authentication providers with InsForge. Each provider has its own guide under this directory.

本skill介绍如何将第三方身份认证提供商与InsForge进行集成。本目录下为每个提供商单独提供了对应的指南。

Supported Providers

支持的提供商

Provider	Guide	When to use
Clerk	Clerk JWT Templates + InsForge RLS	Clerk signs tokens directly via JWT Template — no server-side signing needed
Auth0	Auth0 Actions + InsForge RLS	Auth0 uses a post-login Action to embed claims into the access token
WorkOS	WorkOS AuthKit + InsForge RLS	WorkOS AuthKit middleware + server-side JWT signing with `jsonwebtoken`
Kinde	Kinde + InsForge RLS	Kinde token customization for InsForge integration
Stytch	Stytch + InsForge RLS	Stytch session tokens for InsForge integration

提供商	指南内容	适用场景
Clerk	Clerk JWT 模板 + InsForge RLS	Clerk通过JWT模板直接签发令牌，无需服务端签名
Auth0	Auth0 Actions + InsForge RLS	Auth0使用登录后Action将声明嵌入访问令牌
WorkOS	WorkOS AuthKit + InsForge RLS	WorkOS AuthKit中间件 + 基于 `jsonwebtoken` 的服务端JWT签名
Kinde	Kinde + InsForge RLS	针对InsForge集成的Kinde令牌自定义配置
Stytch	Stytch + InsForge RLS	用于InsForge集成的Stytch会话令牌

Common Pattern

通用模式

All integrations follow the same core pattern:

Auth provider signs or issues a JWT containing the user's ID
JWT is passed to InsForge via
```
edgeFunctionToken
```
in
```
createClient()
```
InsForge extracts claims via
```
request.jwt.claims
```
in SQL
RLS policies use a
```
requesting_user_id()
```
function to enforce row-level security

所有集成都遵循相同的核心流程：

认证提供商签发包含用户ID的JWT
通过
createClient()
中的
edgeFunctionToken
参数将JWT传递给InsForge
InsForge通过SQL中的
request.jwt.claims
提取声明信息
RLS策略使用
requesting_user_id()
函数强制执行行级安全规则

Choosing a Provider

如何选择提供商

Clerk — Simplest setup; JWT Template handles signing, no server code needed
Auth0 — Flexible; uses post-login Actions for claim injection
WorkOS — Enterprise-focused; AuthKit middleware + server-side JWT signing
Kinde — Developer-friendly; built-in token customization
Stytch — API-first; session-based token flow

Clerk — 配置最简单，JWT模板负责签名，无需编写服务端代码
Auth0 — 灵活性高，使用登录后Action注入声明
WorkOS — 面向企业级场景，提供AuthKit中间件+服务端JWT签名能力
Kinde — 对开发者友好，内置令牌自定义功能
Stytch — API优先，采用基于会话的令牌流

Setup

配置步骤

Identify which auth provider the project uses
Read the corresponding reference guide from the table above
Follow the provider-specific setup steps

确认项目使用的身份认证提供商
阅读上表中对应的参考指南
遵循对应提供商的专属配置步骤操作

Usage Examples

使用示例

Each provider guide includes full code examples for:

Auth provider dashboard configuration
InsForge client utility with
```
edgeFunctionToken
```
```
requesting_user_id()
```
SQL function and RLS policies
Environment variable setup

Refer to the specific

references/<provider>.md

file for complete examples.

每个提供商的指南都包含完整的代码示例，覆盖以下场景：

认证提供商控制台配置
携带
```
edgeFunctionToken
```
的InsForge客户端工具
```
requesting_user_id()
```
SQL函数与RLS策略
环境变量配置

请查看对应

references/<provider>.md

文件获取完整示例。

Best Practices

最佳实践

All provider user IDs are strings (not UUIDs) — always use
```
TEXT
```
columns for
```
user_id
```
Use
```
requesting_user_id()
```
instead of
```
auth.uid()
```
for RLS policies
Set
```
edgeFunctionToken
```
as an async function (Clerk) or server-signed JWT (Auth0, WorkOS, Kinde, Stytch)

Always get the JWT secret via

npx @insforge/cli secrets get JWT_SECRET

所有提供商的用户ID均为字符串类型（不是UUID）——
```
user_id
```
请始终使用
```
TEXT
```
类型字段
RLS策略请使用
```
requesting_user_id()
```
而非
```
auth.uid()
```
将
```
edgeFunctionToken
```
设置为异步函数（Clerk场景）或服务端签名的JWT（Auth0、WorkOS、Kinde、Stytch场景）

始终通过

npx @insforge/cli secrets get JWT_SECRET

命令获取JWT密钥

Common Mistakes

常见问题

Mistake	Solution
Using `auth.uid()` for RLS	Use `requesting_user_id()` — third-party IDs are strings, not UUIDs
Using UUID columns for `user_id`	Use `TEXT` — all supported providers use string-format IDs
Hardcoding the JWT secret	Always retrieve via `npx @insforge/cli secrets get JWT_SECRET`
Missing `requesting_user_id()` function	Must be created before RLS policies will work

错误操作	解决方案
RLS中使用 `auth.uid()`	使用 `requesting_user_id()` —— 第三方ID为字符串类型，不是UUID
`user_id` 使用UUID类型字段	使用 `TEXT` 类型 —— 所有支持的提供商均使用字符串格式的ID
硬编码JWT密钥	始终通过 `npx @insforge/cli secrets get JWT_SECRET` 命令获取
未创建 `requesting_user_id()` 函数	必须先创建该函数，RLS策略才能正常工作