[marktangotango]

How is authentication/authorization handled with this stack? Or sign up with email validation and password reset?

[hasty_pudding]

It's a little bit involved but doable.

https://postgrest.org/en/stable/references/auth.html

[bigEnotation]

So where is the secret key stored for signing the JWT? In the front end as well?

Edit: Oh I found it here: https://postgrest.org/en/stable/how-tos/sql-user-management....

That’s a pretty neat design. Also an interesting attack surface

[est]

RDBMS auth and roles are a thing. They even support mTLS.