Open rsimon opened 1 month ago
I am also experiencing this issue in Next.js 14 with @supabase/ssr@0.4.0
. I am calling supabase.auth.getUser()
in middleware as mentioned in docs. This bug occurs in the following:
supabase.auth.signInWithPassword()
from a client component login page./logout
/logout
is a server component that calls supabase.auth.signOut()
and redirects user back to login pageThe docs suggest using server actions to do login I will try that see if i get the same error.
https://github.com/user-attachments/assets/56cf451a-eb87-40dd-9e96-4d63e6c8146c
My middleware:
export async function updateSession(request: NextRequest) {
let supabaseResponse = NextResponse.next({
request,
})
const supabase = supabaseServerClient(
{
getAll() {
return request.cookies.getAll()
},
setAll(cookiesToSet) {
cookiesToSet.forEach(({ name, value }) => request.cookies.set(name, value))
supabaseResponse = NextResponse.next({
request,
})
cookiesToSet.forEach(({ name, value, options }) =>
supabaseResponse.cookies.set(name, value, options)
)
},
});
const {
data: { user },
error
} = await supabase.auth.getUser();
const url = request.nextUrl.clone();
if (
!user &&
url.pathname.startsWith('/bookings')
) {
// no user, respond by redirecting the user to the login page
url.pathname = '/'
return NextResponse.redirect(url)
}
if (user && url.pathname.startsWith('/register') || user && url.pathname === '/') {
url.pathname = '/bookings';
return NextResponse.redirect(url);
}
if (error) {
console.error('Supabase error:', error);
}
return supabaseResponse;
}
My supabase server client:
import { CookieMethodsServer, createServerClient } from '@supabase/ssr'
export default (cookieConfig: CookieMethodsServer) => {
return (createServerClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{
cookies: cookieConfig
}
));
};
Very similar where it's intermittent.
What we also experimented is - we've taken a copy of the network request as a CURL. We replay it some time after with the same JWT and it'll work.
Hi We are also having the issue with this when we send jwt from Remix app to the backend FastAPI server to validate request function.
Bug report
Describe the bug
We've been getting the above error message ("AuthApiError: Session from session_id claim in JWT does not exist") when accessing
supabase.auth.getUser()
on the server (SSR) right after successful log-in, after switching from@supabase/auth-helpers-shared@0.3.4
to@0.7.0
.Weirdly enough, the problem doesn't always occur, almost as if a timing issue were involved somewhere. But certainly in the majority of attempts.
To Reproduce
SIGNED_IN
event in thesupabase.auth.onAuthStateChange
handler.access_token
andrefresh_token
from the session, and are setting cookies.auth-helper-shared
(which works for us)access_token
andrefresh_token
(again: works)supabase.auth.getUser()
to get the user object (fails with the above error)We use the following code on the server to create the supabase client. This code is run every time a user visits a protected route.
Aditionally, here's our code for retrieving the user object. Likewise, this gets called each time the user visits a protected route, immediately after creating our client.
Expected behavior
We can confirm that every time the user hits a protected route...
supabase.auth.getUser()
, we're gettingSession from session_id claim in JWT does not exist error
.System information
Additional context
@supabase/auth-helpers-shared
. But I cannot rule out that it's us, doing something stupid somewhere. Let me know if you have any ideas on what might be going wrong, or if I can provide any additional info to help diagnose the issue.auth.identities
table.