feat: add sign in with ethereum (#2069)
Adds Sign in with Ethereum. Configure it by:
```
GOTRUE_EXTERNAL_WEB3_ETHEREUM_ENABLED="carview.php?tsp=true"
GOTRUE_EXTERNAL_WEB3_ETHEREUM_MAXIMUM_VALIDITY_DURATION="10m"
```
SIWS & SIWE are based off of EIP-4361, which is referenced here:
https://eips.ethereum.org/EIPS/eip-4361, so they are close in
implementation with slight differences between address/signature
verification format & algorithm.
For Ethereum, specifically the signature verification part, It requires
recovering the public address from the signature, and then testing the
signature against it, with the algorithm Ethereum uses, this is tedious
to implement without using the https://github.com/ethereum/go-ethereum
package, as the verification has some error correction that it does,
would be hard to test/maintain without the dependency, let me know what
you think.

feat: add support for managing SSO providers by resource_id (#2081)
Some time ago a `resource_id` was added to the `sso_providers` table to
support infrastructure as code use cases down the road. This change adds
basic support for utilizing this field to manage SSO providers.
Key changes:
- Updated API for SSO providers to allow get, put, delete by
`resource_id`
- Extended `loadSSOProvider` to accept `resource_`-prefixed `idp_id`
values
- Added optional `resource_id` field to `SSOProvider` model
- Implemented `FindSSOProviderByResourceID` in model layer
- Renamed `FindAllSAMLProviders` to `FindAllSSOProviders`
- Added filtering to the `/admin/sso/providers` via
`?resource_id{,_prefix}=`
- Included full E2E test coverage for SSO provider api
---------
Co-authored-by: Chris Stockton <chris.stockton@supabase.io>

feat: skip nonce check for Facebook Limited Login auth (#2082)
## What kind of change does this PR introduce?
nonce matching isn't supported for facebook limited login, skipping it
during OIDC login. finalizes #2046

chore(master): release 2.177.0 (#2059)
🤖 I have created a release *beep* *boop*
---
##
[2.177.0](v2.176.1...v2.177.0)
(2025-07-05)
### Features
* add option to disable writing to `audit_log_entries`
([#2073](#2073))
([80758dd](80758dd))
* add snapchat provider
([#2071](#2071))
([fca8ea4](fca8ea4))
* enhance login analytics
([#2078](#2078))
([1aed4a2](1aed4a2))
* fallback to jwt secret if alg is `HS256` and the `kid` is not
recognized ([#2072](#2072))
([8fa99bd](8fa99bd))
* ignore `aud` claim from admin jwt (`service_role` never had one)
([#2070](#2070))
([57eddcb](57eddcb))
### Bug Fixes
* add missing provider info to signedup audit logs
([#2061](#2061))
([c6e0cbe](c6e0cbe))
* **auditlog:** keep writing to logs even postgres is disabled
([#2076](#2076))
([b89bc32](b89bc32))
* do not log fatal when http server successfully closes
([#2065](#2065))
([1f7de6c](1f7de6c))
* invites should send another email when user exists
([#2058](#2058))
([96469bd](96469bd))
* use `appleid.apple.com` as default issuer
([#2068](#2068))
([963a781](963a781))
* use `split_words` config option for `AuditLog`
([#2075](#2075))
([7ecb234](7ecb234))
---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

feat: enhance login analytics (#2078)
## Summary
Enhance login analytics mainly by adding missing provider information in
Supabase Auth. This ensures all authentication flows are properly
tracked with structured data.

feat: enhance login analytics (#2078)
## Summary
Enhance login analytics mainly by adding missing provider information in
Supabase Auth. This ensures all authentication flows are properly
tracked with structured data.

feat: ignore `aud` claim from admin jwt (`service_role` never had one) (
#2070)
There's a problem with new Secret API keys which mint a JWT where the
`aud` claim is the requested resource. This is confusing list admin
users in returning no users (since there's no such audience).
`service_role` never had an `aud` claim in it, so this is the proper
place to fix this.

fix(auditlog): keep writing to logs even postgres is disabled (#2076)
move `DisablePostgres` check after payload mutation to ensure auth_event
logs have the same data prior to introduce of the `DisablePostgres`
config

feat: fallback to jwt secret if alg is `HS256` and the `kid` is not r…
…ecognized (#2072)
Some customers may be using JWTs signed with the JWT secret but they may
be advertising a `kid` claim for their own purposes. Auth should try to
reasonably accept those JWTs.

fix: use `split_words` config option for `AuditLog` (#2075)
Without this the config should be `GOTRUE_AUDITLOG_DISABLE_POSTGRES`
instead (no underscore).