[supabase-js v2] bring back the auth.setAuth() method #514
Closed
Description
Feature request
Bring back the ability to manually scope the supabase request to a particular JWT.
Is your feature request related to a problem? Please describe.
The following pattern is really useful when doing queries in Next.js API routes or in a getServerSideProps function: it lets you query data scoped to the current user (i.e. RLS) without the need to rely on a supabaseAdminClient.
    import { createClient, AuthSessionMissingError } from '@supabase/supabase-js'

    // Builds a per-request client that does not persist or refresh sessions
    export async function supabaseServerClient(context) {
      const supabaseClient = createClient(
        process.env.NEXT_PUBLIC_SUPABASE_URL,
        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
        {
          auth: {
            autoRefreshToken: false,
            detectSessionInUrl: false,
            persistSession: false
          }
        }
      )
      const access_token = context.req.cookies['supabase-access-token']
      if (!access_token) throw new AuthSessionMissingError()
      // Previously we were able to do this...
      const { error } = supabaseClient.auth.setAuth(access_token)
      if (error) throw error
      return supabaseClient
    }

    // On an API function or getServerSideProps
    // (async is required for the awaits below; API routes receive req and res)
    export default async function handler(req, res) {
      const supabase = await supabaseServerClient({ req })
      // queries will be scoped to the user
      const { data } = await supabase.from('table')...
    }
Describe the solution you'd like
Implement a method to manually set the jwt token.
Describe alternatives you've considered
I can see that in the new supabase-v2 there is a setSession() method which takes the refresh_token and tries to generate a new token with that.
    import { createClient, AuthSessionMissingError } from "@supabase/supabase-js";

    export async function supabaseServerClient(context) {
      const supabaseClient = createClient(
        process.env.NEXT_PUBLIC_SUPABASE_URL,
        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY,
        {
          auth: {
            autoRefreshToken: false,
            detectSessionInUrl: false,
            persistSession: false,
          },
        }
      );
      // This is not working for me. Also will this invalidate the current session on the client?
      const refresh_token = context.req.cookies["my-app-refresh-token"];
      if (!refresh_token) throw new AuthSessionMissingError();
      const { error } = await supabaseClient.auth.setSession(refresh_token);
      // Outputs: AuthApiError: Invalid Refresh Token
      console.log("setSession error", error);
      if (error) throw error;
      return supabaseClient;
    }
What I worry about with this approach is:
- Calling this method on the backend invalidates the current session of the client (the JWT token no longer being valid)?
- Manually calling setSession() is not working for me ATM, I always get an Invalid refresh token error, but that could be an issue on my end.
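
What "scoping a request to the user" amounts to on the wire, as an added example that is not part of the original issue and is not supabase-js code: the Supabase REST API evaluates RLS against the JWT sent in the `Authorization: Bearer` header, next to the project's `apikey` header. The helper names, the requirement for a `sub` claim and the sample token are assumptions constructed for illustration; the signature is not verified locally because the API server does that.

```javascript
// Added example: helper names are hypothetical, not part of supabase-js.
const COOKIE_NAME = 'supabase-access-token'; // cookie name used in the issue

// Decode the JWT payload WITHOUT verifying the signature. This is only a
// pre-flight check; the API server verifies the signature on every request.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  let payload;
  try {
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed JWT');
  }
  if (payload === null || typeof payload !== 'object') throw new Error('malformed JWT');
  return payload;
}

// Build the headers for a request scoped to the caller's own JWT.
// Fails closed: there is no fallback to the anon key or a service-role key.
function userScopedHeaders(cookies, anonKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const token = cookies[COOKIE_NAME];
  if (!token) throw new Error('no session cookie');
  const { exp, sub } = decodeJwtPayload(token);
  // Assumption: a user token carries a subject; a bare anon-role token does not.
  if (typeof sub !== 'string' || sub === '') throw new Error('JWT has no subject');
  if (typeof exp !== 'number' || exp <= nowSeconds) throw new Error('JWT expired');
  return { apikey: anonKey, Authorization: `Bearer ${token}` };
}

// Constructed sample token with a placeholder signature (never valid server-side).
function makeSampleToken(claims) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}.constructed-signature`;
}
```

Because the client is created per request and nothing is persisted, an expired or missing cookie surfaces as an error to the route instead of a query that silently runs with broader privileges.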