Add a 'Post User Creation' auth hook (or 'After User Creation')

[UliPrantz]

Problem

The Before User Created Auth hook is great when wanting full control of which users are created and which properties created users are going to have. However, they have a significant issue: it's impossible to insert data into the database that is directly linked to the user being created.

The problem is straightforward: since the user hasn't been created yet, any foreign key integrity check will fail because there's no user entity to link to.

Proposal

Add another auth hook, which is triggered once the user is inserted into the database and which is awaited before returning successfully to supabase.auth.signup(). That way, developers can set up the user's account properly on the backend side, and once the user is actually signed in on the frontend, everything is ready to use. The Post User Creation or After User Creation auth hook

Example usage

A new user is created, and now I have to seed a variety of tables in the database to initialize this user:

1. I want to label this user as a new user who hasn't gone through the welcome demo yet, therefore, I need to initialize its user_profile with demo_finished=false
2. I want to schedule a welcome email and notification, therefore, I need to insert a scheduled notification into my notifications table so it can get picked up from my notification scheduler service
3. I want to give my user some initial testing credits, therefore, I need to insert a credit balance for this user in the credit table
4. Many, many more things depending on one's needs (all of them have in common that they are coupled to the user's id in the auth's user table

More context on database schema

My database schema is simple (and probably analogous to most Supabase DB schemas). I have a user_profile with an id (primary key) and a user_id (foreign key to auth's user.id. I use the user_profile.user_id in almost every other table throughout my database as a reference. This way, I can minimize RLS merges since the user_id in every table matches the one in auth's user.id. At the same time, this approach gives me full flexibility. I can simply replace the reference in user_profile.user_id with auth's user.id, and with that change, all my data becomes independent of the internal Supabase data schemas.

My user_profile table includes properties such as demo_finished to track user progress and other attributes that don't fit within Supabase's default authentication schema. Since transitively most tables depend on the auth's user.id through a foreign key relationship, it is not possible to do any of these initialization operations in the Before User Created Auth hook!

[GaryAustin1]

Right now you have to use an auth.users trigger function to process after the row is created, or before depending on what all you need to do.

I've seen an after hook one mentioned like they plan on it, but it is not available yet.

[GaryAustin1]

This was added 3 weeks ago to the auth repository....

[UliPrantz]

Any timelines on when this will be available through the Auth Hooks feature? Or is it already possible to use this through the config.toml configuration?

[auth.hook.<hook_name>] # what would be the name here?
enabled = true

If you have any info on that already, that would be game-changing :D

[GaryAustin1]

I have no inside SB info on timelines for features. Just had noticed the process is underway when looking at their source for something else.
Not sure if it works yet or still pieces missing. The CLI may not support the variable yet. The dashboard also would need support.

As far as name I assume it would be just like the before trigger which is [auth.hook.before_user_created] but with after instead of before.

[UliPrantz]

Just tested it with the following in config.toml:

# This hook runs before a new user is created
[auth.hook.after_user_created]
enabled = true
uri = "http://host.docker.internal:54321/functions/v1/test"

And got the following error:

$ pnpm supabase functions serve
Using workdir /supabase
failed to parse config: decoding failed due to the following error(s):
                                                                      
'auth.hook' has invalid keys: after_user_created                      
Try rerunning the command with --debug to troubleshoot the error.

[GaryAustin1]

Then seems like not implemented yet.

[konami99]

Although post user create hook is not available yet, we can still create post user create trigger, through Supabase CLI:

For example, this is generated by Supabase MCP

-- Create trigger function to seed UserProfile after auth user creation
CREATE OR REPLACE FUNCTION public.handle_new_auth_user()
RETURNS trigger
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public, auth
AS $$
BEGIN
  INSERT INTO public."UserProfile" ("userId", "paid", "createdAt", "updatedAt")
  VALUES (NEW.id, false, now(), now())
  ON CONFLICT ("userId") DO NOTHING;

  RETURN NEW;
END;
$$;

-- Ensure idempotency if re-run
DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users;

CREATE TRIGGER on_auth_user_created
AFTER INSERT ON auth.users
FOR EACH ROW
EXECUTE FUNCTION public.handle_new_auth_user();

Then a trigger will be created in auth:

The handle_new_auth_user function will be created in public:

The database function can also call external API.

We cannot create a trigger on auth in Supabase dashboard, but it can done through CLI.

You might also want to create another migration, to backfill existing users.

[UliPrantz]

This was always possible through Postgres triggers, wasn't it? Or am I missing anything regarding the Supabase Auth Hook functionality. Nevertheless, thanks for sharing and raising awereness :D

[daniel-xyz]

Thanks for bringing this up. I currently use a database trigger to pass some values from the frontend into the user_profiles table and to randomly generate a username (with retry logic). It works, but I hate having that kind of logic inside the database. Glad to hear that a hook is coming.