Auth

[kiwicopple]

Tracks progress on supabase/supabase#111

[awalias]

issue to discuss the specification of methods in supabase-js to invoke auth endpoints on auth/v1

the endpoints that will be targeted are:

`auth/v1/signup`
`auth/v1/login` (actually makes a claim on the gotrue /token endpoint. also does token refreshing)
`auth/v1/logout`
`auth/v1/recover`? (sends recovery email)
`auth/v1/user`? (returns current user details)
`auth/v1/verify`? (verifies a token sent over email to activate an account)
`auth/v1/invite`? (sends invite email)

more details regarding the function of the endpoints found here (you'll have to scroll past the env vars to the relevant section)

initial idea discussed with @kiwicopple was to allow the user to create a single client and call methods on an auth namespace like:

import { createClient } from '@supabase/supabase-js'

const supabase = createClient(URL, KEY)

await supabase.auth.signup(new_email, new_password)
await supabase.auth.login(email, password) // might also return jwt so it can be managed manually 
await supabase.auth.logout()

signup (if not requiring email confirmation) and login will set a cookie containing the auth-token, which will then be sent in a header for any call to logout, or calls to rest or realtime methods (subscribe(), select() etc.)

[awalias]

just linking this here netlify/gotrue#255 as the gotrue /token interface may change

[awalias]

I think we also want to take on the work of refreshing the token depending on the jwt_expiry built into the client

[kiwicopple]

Cross-referencing supabase/postgres#27 which has a JWT dependency