search

supabase / supabase-js

An isomorphic Javascript client for Supabase. Query your Supabase database, subscribe to realtime events, upload and download files, browse typescript examples, invoke postgres functions via rpc, invoke supabase edge functions, query pgvector.
https://supabase.com
MIT License
2.83k stars 219 forks source link

auth.getUser() returns null user and AuthSessionMissingError in supabase-js@2.42.5 #1024

Closed ryan-voitiskis closed 1 week ago

ryan-voitiskis commented 1 week ago

Bug report

Describe the bug

In supabase-js@2.42.5 auth.getUser() returns:

{
  data: { user: null },
  error: AuthSessionMissingError: Auth session missing!
    at https://esm.sh/v135/@supabase/auth-js@2.63.1/esnext/auth-js.mjs:2:29430
    at _._useSession (https://esm.sh/v135/@supabase/auth-js@2.63.1/esnext/auth-js.mjs:2:27513)
    at eventLoopTick (ext:core/01_core.js:64:7)
    at async _._getUser (https://esm.sh/v135/@supabase/auth-js@2.63.1/esnext/auth-js.mjs:2:29103)
    at async https://esm.sh/v135/@supabase/auth-js@2.63.1/esnext/auth-js.mjs:2:28966
    at async https://esm.sh/v135/@supabase/auth-js@2.63.1/esnext/auth-js.mjs:2:26793 {
    __isAuthError: true,
    name: "AuthSessionMissingError",
    status: 400,
    code: undefined
  }
}

To Reproduce

Steps to reproduce the behavior:

Deploy a supabase edge function that calls auth.getUser() on supabase client.

import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.42.5'
import { corsHeaders } from '../_shared/utils/cors.ts'

Deno.serve(async (req: Request) => {
  if (req.method === 'OPTIONS')
    return new Response(null, {
      status: 204,
      headers: corsHeaders,
    })
  const authHeader = req.headers.get('Authorization')!
  const supabase = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    {
      global: { headers: { Authorization: authHeader } },
      auth: { persistSession: false },
    }
  )
  const data = await supabase.auth.getUser()
  console.log('data', data)
  return new Response(null, { status: 200, headers: corsHeaders })
})

Expected behavior

auth.getUser() returns authenticated user object as it does when using supabase-js@2.42.4.

System information

Additional context

Possibly related to issue #1023 'New auth error codes missing in error object'

j4w8n commented 1 week ago

As of right now, you'll need to pass the jwt, from the authorization header, into the getUser() call. Be sure to split the header, to remove Bearer at the beginning.

Reference: https://github.com/supabase/auth-js/issues/881

ryan-voitiskis commented 1 week ago

Sorry I didn't see the existing issue in auth-js. Closing now.