Closed ghost closed 3 months ago
Hi @nbarrow-inspire-labs, we recently fixed an issue with the cookie chunking algorithm in https://github.com/supabase/auth-helpers/pull/726. You may want to upgrade your supabase/ssr version from 0.0.10 to 0.1.0 and try again.
@kangmingtay thanks for the heads up! I'll take a look and close this out.
Is this solved? I use "@supabase/ssr": "^0.1.0" but when accessing cookies from request (NextRequest) it splits the cookie in 2 different parts, .0 and .1. But not for all users, only for some which is weird.
@bearbricknik do you have social and email/password auth set up? I think with Social Login, it tries to add a bit more metadata from the auth provider in the cookie (like email, username etc) which can make it larger. For me email auth can fit in one cookie, but social auth from google splits the cookie in two
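The splitting discussed above (a first chunk of exactly 3180 characters, the cookie turning into `<name>.0` and `<name>.1`, and a name check that no longer matches) as an added, stand-alone JavaScript illustration. This is not the @supabase/ssr chunker or any code from this thread: the 3180 limit and the `.<index>` naming are taken from the report, while the cookie name, the contents of the sample session and the helper names are assumptions made for the example.

```javascript
// Added example: a minimal re-implementation of cookie chunking as described in
// the thread. NOT the @supabase/ssr chunker itself. The 3180 limit and the
// "<name>.<index>" naming come from the report; everything else is assumed.

const MAX_CHUNK_SIZE = 3180; // chunk length observed in the report

// Split one logical cookie into storable pieces. A value that fits is stored
// under its original name; a larger one becomes name.0, name.1, ...
function createChunks(name, value, chunkSize = MAX_CHUNK_SIZE) {
  if (value.length <= chunkSize) return [{ name, value }];
  const chunks = [];
  for (let i = 0; i * chunkSize < value.length; i++) {
    chunks.push({
      name: `${name}.${i}`,
      value: value.slice(i * chunkSize, (i + 1) * chunkSize),
    });
  }
  return chunks;
}

// Reassemble: try the plain name first, then name.0, name.1, ... until a gap.
function combineChunks(name, getCookie) {
  const whole = getCookie(name);
  if (whole !== undefined) return whole;
  let combined = "";
  for (let i = 0; ; i++) {
    const part = getCookie(`${name}.${i}`);
    if (part === undefined) break;
    combined += part;
  }
  return combined.length > 0 ? combined : undefined;
}

// Constructed session (not real tokens) shaped like the one in the report:
// provider_token and user dominate the size and push it past 4096.
function buildSampleSession() {
  return JSON.stringify({
    access_token: "a".repeat(900),
    refresh_token: "r".repeat(40),
    provider_token: "p".repeat(2200),
    provider_refresh_token: "q".repeat(900),
    token_type: "bearer",
    expires_in: 3600,
    user: {
      id: "00000000-0000-0000-0000-000000000000",
      email: "user@example.com",
      app_metadata: { provider: "keycloak" },
    },
  });
}

// In-memory cookie jar standing in for document.cookie / js-cookie.
function makeJar() {
  const store = new Map();
  return {
    set: (n, v) => store.set(n, v),
    get: (n) => store.get(n),
    names: () => [...store.keys()],
  };
}

// The kind of check the report uses: matches only the un-chunked name, so the
// chunked cookies ("...auth-token.0", "...auth-token.1") are never found.
const isAuthCookieNaive = (name) => name.endsWith("auth-token");

function demo() {
  const name = "sb-project-auth-token"; // assumed cookie name
  const session = buildSampleSession();
  const jar = makeJar();
  for (const c of createChunks(name, session)) jar.set(c.name, c.value);
  const enc = new TextEncoder();
  return {
    sessionLength: session.length,
    cookieNames: jar.names(),
    firstChunkLength: jar.get(`${name}.0`)?.length,
    naiveMatches: jar.names().filter(isAuthCookieNaive),
    roundTrips: combineChunks(name, jar.get) === session,
    // size of each "name=value" pair as the browser would store it
    maxCookieBytes: Math.max(
      ...jar.names().map((n) => enc.encode(`${n}=${jar.get(n)}`).length)
    ),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Reading the cookie back therefore has to try the plain name and then enumerate the `.0`, `.1`, ... suffixes until one is missing; a single `Cookies.get(AUTH_COOKIE)` or a check that the name ends in `auth-token` returns nothing once the session has been chunked. Each chunk together with its name stays well under the 4096-byte per-cookie limit that browsers enforce, which is the point of the chunking.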
Bug report
Describe the bug
Using Keycloak, cookies can be quite large. This has been an issue already (see https://github.com/supabase/realtime/issues/761 and https://github.com/supabase/realtime/pull/762) with some fixes implemented already (see, e.g., https://github.com/supabase/cli/issues/1784).
I am noticing that at a certain character length, supabase-js is splitting authentication cookies into two (see screenshots below). Not only does this ignore any custom cookie name, but it also creates errors when trying to retrieve the cookie manually, as well as, I suspect, issues with realtime data connections automatically refreshing (it would explain why I am experiencing the open issue here https://github.com/supabase/realtime-js/issues/274 along with possibly other users). I am using the recommended approach for Next.js, of using @supabase/ssr (https://github.com/supabase/auth-helpers/blob/main/packages/ssr/src/createBrowserClient.ts).

Update 1
It looks like the first cookie has an exact length of 3180. This seems to coincide with the chunker used by supabase/ssr: https://github.com/supabase/auth-helpers/blob/a68e78bc9cb863217db75ac561de93874a85aafa/packages/ssr/src/utils/chunker.ts#L6
I'm wondering if I should just implement my own version of createBrowserClient that I can use to strip out unnecessary information from the JSON object... wondering what fields could be removed? The total length of the cookie I paste below is 4805, which would exceed the maximum length of 4096 stipulated by RFC (I believe they are RFC 2109 (#6.3), RFC 2965 (#5.3), and RFC 6265 from searching around).

Thoughts:
- provider_refresh_token needed (I would assume so)?
- provider_token needed? This one is obscenely long and perhaps could be omitted (if I have to, by manually implementing createBrowserClient?)
- user needed? This section of the JSON is also massive and (if unnecessary) something I'd like to omit, as I generally fetch the user directly from the server using the access token.

To Reproduce
Unless you are using Keycloak, which is generating obscenely long cookies, it may be hard to reproduce this. However, I have attached below an exact JSON copy of what the cookie would look like before it is being split into two somewhere. I have also attached the react code we are using to create our client.
```tsx
import { useAppSelector } from "@inspire-tms/vault/components/store/hooks";
import { createBrowserClient } from "@supabase/ssr";
import type { SupabaseClient } from "@supabase/supabase-js";
import Cookies from "js-cookie";
import { useState } from "react";

export const useSupabaseClient = (): SupabaseClient => {
  const state = useAppSelector((app) => app.supabase);
  if (!state.supabase) {
    throw new Error("[useSupabaseClient] function invoked outside of SupabaseProvider!");
  }

  // Custom cookie name; chunked cookies show up as "<name>.0", "<name>.1", ...
  const AUTH_COOKIE = "supabase-inspire-tms-vault";
  const isAuthCookie = (name: string) =>
    name.endsWith("auth-token") ||
    (name.includes(".") && name.split(".")[0].endsWith("auth-token"));

  const [client] = useState(() =>
    createBrowserClient(state.supabase!.url, state.supabase!.anonKey, {
      cookieOptions: { name: AUTH_COOKIE },
      cookies: {
        get: (key) => {
          // the PKCE code verifier is stored under its own key
          if (key.includes("auth-token-code-verifier")) return Cookies.get(key);
          // map any auth-token lookup (chunked or not) onto the custom cookie
          if (isAuthCookie(key)) return Cookies.get(AUTH_COOKIE);
          return undefined;
        },
      },
    })
  );

  return client;
};
```
System information