Auth is Easy (Until You Need Organizations)

I’m not going to bash Supabase again. I love it. The DX is great, the auth just works, but it really only works for a single user.

But as soon as your app needs teams, things get complicated fast.

When “auth” becomes “identity spaghetti”

Here’s what I wanted:

• Users can create and join organizations
• An org can invite members
• Users can belong to multiple orgs
• Data is scoped per-org
• Some users are admins, others aren’t

Seems simple, right? But Supabase (like Firebase, like Auth.js) doesn’t have a concept of organizations. Just users.

So the moment you add orgs, you’re building:

• Database schema to track orgs and memberships
• Logic to switch active orgs per session
• Permission rules tied to user/org roles
• Custom invites, email flows, domain-based auto-join
• Frontend UI to manage all of the above

It’s not auth anymore. It’s identity + access + tenancy + billing + “why did I think this was a weekend project?”

Why we built Update

I didn’t want to reinvent auth—I just wanted this:

“Only allow access to this resource if the user belongs to the org and has the right plan.”

That’s what Update handles.

• Organizations out of the box
• Role-based permissions per org
• Billing attached to teams or users
• Auto-join by email domain
• Everything scoped automatically

Example: Adding org-aware auth to Supabase (currently in beta!)

Update wraps your Supabase client, so you get everything you’re used to—plus orgs, billing, and permissions.

import { createClient } from "@updatedev/js/supabase";

const client = createClient(
  process.env.NEXT_PUBLIC_UPDATE_PUBLIC_KEY!,
  process.env.NEXT_PUBLIC_SUPABASE_URL!,
  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
);

Users can now create and switch orgs:

await client.orgs.create("Acme Inc");
await client.orgs.switch(orgId);

You can invite users to orgs, or set up auto-join by domain:

await client.orgs.invite(orgId, "[email protected]");

await client.orgs.setAutoJoinDomain(orgId, "acme.com");

Entitlements and permissions are baked in:

const { data } = await client.entitlements.check("can_view_dashboard");

if (!data.hasAccess) {
  redirect("/upgrade");
}

TL;DR

Supabase is awesome—until you need teams.

That’s where Update fits in.

It adds orgs, billing, and permissions on top of your existing stack.

No need to DIY roles + invites + permissions + billing glue logic.

You ship faster. Your users get teams. Everyone wins.

If you’re building anything with users and teams, check it out:

👉 https://www.update.dev