Auth and Security
out of the box.
Users, permissions, and social logins come integrated with your data.
No need for a separate auth system
Instant comes with a built-in auth system that supports multiple auth methods. Integration only takes a few lines of code.
Want to use another auth provider? You can do that too!
Sign in
| projects | tasks | |
|---|---|---|
| mark.s@lumon | ||
| helly.r@lumon | ||
| irving.b@lumon | ||
| dylan.g@lumon |
Users are just another table
The $users table is a first-class table in your database. You can query it, link to it, and transact with it just like any other table. No need to sync user data from an external auth provider.
Fine-grained access control
Instant uses Google's Common Expression Language for defining permission rules. This is the same language that powers security checks for Firebase, Kubernetes, and Google Cloud IAM.
Instead of writing RLS policies or creating server endpoints to enforce permissions, you can define your rules as code and have them enforced for all queries and transactions.
Your rules can traverse relationships in your data, leverage auth, and use helper functions and variables to express complex logic.
1// Only the creator can see their own todos2const rules = {3 todos: {4 allow: {5 view: "auth.id == data.creatorId",6 update: "auth.id == data.creatorId",7 delete: "auth.id == data.creatorId",8 },9 },10};