jrklaus8 yanks Supabase out of mike-Canada's front door

A login screen rebuilt around the idea that Canadian lawyers' credentials shouldn't leave Canadian soil.

securitycompliance

The login flow used to hand sign-ins to Supabase, a hosted US-based service that manages user accounts in the cloud. jrklaus8 has cut that out and pointed the form at the fork's own server instead, keeping the token it issues entirely client-side. The stated reason is data sovereignty: credentials routed through a foreign service can end up on foreign infrastructure, and this fork wants them to stay home. The screen now reads "Log In (LSO Compliant)," and the fine print talks about a lawyer's review obligations under the Law Society of Ontario's conduct rules.

Worth being clear-eyed: the front end is finished, but the server it talks to is still a placeholder that hands out a token without actually checking the password. The signing key is hardcoded with a note to fix it later. This is a pattern to study, not a system to trust yet.

So what If you're weighing a keep-it-in-country authentication setup for a Canadian legal product, the client-side half here is a clean template - just don't mistake the demo backend for a secure one.

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

SHA	Subject	Author	Date
`5061e2d7`	feat: Replace Supabase with Local JWT for LSO Data Sovereignty on Login Page	MikeOSS Bot	2026-05-22	↗ GitHub

SHA

Subject

Author

Date

5061e2d7

feat: Replace Supabase with Local JWT for LSO Data Sovereignty on Login Page

MikeOSS Bot

2026-05-22

↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-540.md from inside the repo you want the changes in.

jrklaus8 yanks Supabase out of mike-Canada's front door

Commits in this thread

Capture this thread into my fork