Comments (6)
We're also experiencing problems that in our middleware, `await this.supabaseAdminClient.auth.getUser(jwtToken)` sometimes returns null.
We're on `"@supabase/supabase-js": "^2.39.8"`.
from supabase.
I was able to piece together a solution following this blog post: https://jonmeyers.io/blog/forwarding-cookies-from-server-components-to-route-handlers-with-next-js-app-router
However, I was not able to manually create a session with the tokens from an API route. I think this is still a bug, so I will not close this issue.
EDIT:
This is not actually a fix. This fixes the session existing in API routes, but since `headers()` is read-only it is impossible to pass anything else to the API route or, for that matter, the middleware which we use for verifying API access. This is not going to work, so the problem still persists.
Setting an environment variable in the next.config for every route also does not work to pass into the headers. Setting it for every route would leak API keys to all requests.
from supabase.
I came up with an OK solution; it is not perfect, but it works. This uses `getSession` from the server page and passes the JWT to the API route. I then verify it and return an instance of supabase with the session intact. This can then be used in any API route as long as the session is included in the request.
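```ts
import jwt from "jsonwebtoken"
import type { NextRequest } from "next/server"
// supabaseServerClient() and env are this project's own helpers (not shown in the comment).

export async function supabaseClientWithVerifiedSession(req: NextRequest) {
  const supabase = supabaseServerClient()
  // The caller forwards both tokens as a JSON string in the "jwt-token" header.
  const token = req.headers.get("jwt-token")
  if (!token) throw new Error("No token provided")
  const { access_token, refresh_token } = JSON.parse(token) as { access_token: string; refresh_token: string }
  // Throws if the signature is invalid or the token has expired.
  jwt.verify(access_token, env.SUPABASE_JWT_SECRET)
  // Attach the verified tokens so later calls on this client run as the user.
  const { error } = await supabase.auth.setSession({ access_token, refresh_token })
  if (error) throw error
  return supabase
}
```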
The solution in my previous comment does not work due to not being able to modify the `headers()` function. We have a few microservices that all use other security headers so not being able to add headers was not going to work for us. This way allows us to have a standalone API with an active session. We also have a mobile app so we can in the future use the JWT to get data on the app.
from supabase.
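The checks that the `jwt.verify` step in the comment above has to establish before the forwarded tokens are trusted, written out with Node's `crypto` as an added example (not code from the thread or from Supabase). It assumes the access token is signed with HS256 using the project's JWT secret; `verifyForwardedToken`, `signHS256` and the secret value are hypothetical names and constructed sample data.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto"

// Constructed sample secret; a real one comes from the environment.
const SAMPLE_SECRET = "constructed-sample-secret"
const b64url = (buf: Buffer): string => buf.toString("base64url")

// Helper for the sample data: mint a token signed with HMAC-SHA256.
function signHS256(claims: Record<string, unknown>, secret: string, alg = "HS256"): string {
  const head = b64url(Buffer.from(JSON.stringify({ alg, typ: "JWT" })))
  const body = b64url(Buffer.from(JSON.stringify(claims)))
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest()
  return `${head}.${body}.${b64url(sig)}`
}

type Verdict = { ok: true; claims: Record<string, unknown> } | { ok: false; reason: string }

// Verify the access token inside the "jwt-token" header value (JSON holding
// access_token and refresh_token). Every failure path returns ok: false.
function verifyForwardedToken(headerValue: string | null, secret: string, now = Date.now()): Verdict {
  if (!headerValue) return { ok: false, reason: "missing header" }
  let accessToken: unknown
  try {
    accessToken = JSON.parse(headerValue).access_token
  } catch {
    return { ok: false, reason: "malformed header" }
  }
  if (typeof accessToken !== "string") return { ok: false, reason: "malformed header" }
  const parts = accessToken.split(".")
  if (parts.length !== 3) return { ok: false, reason: "malformed token" }
  const [head, body, sig] = parts
  try {
    // Pin the algorithm (HS256 is an assumption): the token's header must not choose it.
    if (JSON.parse(Buffer.from(head, "base64url").toString()).alg !== "HS256")
      return { ok: false, reason: "unexpected alg" }
    const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest()
    const given = Buffer.from(sig, "base64url")
    // Constant-time comparison; the length check avoids timingSafeEqual throwing.
    if (given.length !== expected.length || !timingSafeEqual(given, expected))
      return { ok: false, reason: "bad signature" }
    const claims = JSON.parse(Buffer.from(body, "base64url").toString())
    // exp is in seconds since the epoch; a token without it is rejected.
    if (typeof claims.exp !== "number" || claims.exp * 1000 <= now)
      return { ok: false, reason: "expired" }
    return { ok: true, claims }
  } catch {
    return { ok: false, reason: "malformed token" }
  }
}
```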
Did you try step 4 from the Supabase guide? The "updateSession" function might be the thing you're looking for maybe?
from supabase.
Are there any updates on this situation? I have the same issue, but it seems like this issue has been open for a while without a response. Are there any temporary solutions?
from supabase.
They do not seem interested in getting this to work correctly. My solution above works but requires the session to be created each time an API route is called. It also requires you to send the tokens in every request. I have not been able to come up with a better solution.
I will admit it has the added benefit of being able to test the API directly within something like Postman by just copying the cookie into the headers.
from supabase.