Got a very weird one working with

I'm somewhat new to supabase auth and I'm struggling to find anything on this in the documentation, but can you use the signIn method in an API or does it have to be in a web client? I'm working on creating a full-stack app that I'd like to be able to use postman or the restClient for VS Code and I don't really see a way to do do that with supabase auth unless you can authenticate in the API... it kind of seems to rely on having an active webpage though.

API requires web client?

I'm trying to store github profile info in a database using the JS api in a sveltekit page endpoint, but it doesn't seem to work. I've been told it might have something to do with SSR and

window

? my code is here:

quick question: if you are starting a Next.js + Supabase project - do you use NextAuth or Supabase Auth?

I tried both recently and I liked using Supabase Auth better

Cool, thanks! Will try that one first!

Here's a great tutorial if you're looking for one:

Anybody having issues with supabase in regards to 'PATCH' request and headers? When I make a update it makes the change in the database but doesnt display the data on the client

patch and return data

hey guys. any code examples of granular access? like there are hundreds of tutorials out there on how to authenticate users globally, but how do you authorize users based on something like different membership tiers (Gold, Silver, Platinum memberships for eg.) in plain javascript (or react). max I've seen is egghead course about authorization in dashboard section but still.. it is not clear how to implement this... thanks.

burggraf from SB has generated this new guide that might be useful: https://github.com/supabase-community/supabase-custom-claims

Hey, I wanna make a permission management solution similar to notion or figma, where the owner of a group can invite other users to get, for example, read-only, edit, and administrative permissions. Are there any relevant examples?

a bit late but the solution was to also extract the refresh token from the redirect uri, save it alongside the access token and then just do something like this:

ts
export async function signInWithAuthTokens({
  accessToken,
  refreshToken,
}: {
  accessToken: string;
  refreshToken: string;
}) {
  supabase.auth.setAuth(accessToken);
  const { session, error } = await supabase.auth.setSession(refreshToken);
  if (error != null) {
    return { user: null, error };
  }

  // TODO: maybe figure out a nicer way to do this?
  if (session?.user == null) {
    return {
      user: null,
      error: { message: 'session.user is not defined', status: 1337 },
    };
  }

  return { user: session.user!, error: null };
}

i might prepare a small example and put it on github for other people who want to do social auth with supabase in a browser extension.

on this note, shouldn't

supabase.auth.getSessionFromUrl

be able to receive a url as a parameter for scenarios where one doesn't want to do the whole url parsing dance but doesn't necessarily have a global

window.location.href

? or is there anything else that does this? i couldn't find anything and it's a bit annoying having to reinvent the wheel and (probably, possibly, maybe) face bugs that i really shouldn't have to deal with imo.

Hello everyone! I'm new around here!, I'm facing an issue that I have no idea what I'm doing wrong and I hope anyone can help me out because this is driving me insane... So I have this code that was working, and suddenly, stopped working the the last few days and I have no idea why:

javascript
const supabase = require("@supabase/supabase-js").createClient(
  SUPABASE_URL,
  SUPABASE_ANON_KEY
)

const run = async (file) => {
  let f = require("fs").readFileSync(file)

  let fullFinalPath = "test/" + require("path").basename(file)
  console.log("Full final path: ", fullFinalPath)

  //const { loginError } = await supabase.auth.signIn({
  //  email: USER,
  //  password: PASSWORD,
  //})


  const { uploadError } = await supabase.storage
    .from("test")
    .upload(fullFinalPath, f)

  if (uploadError) {
    console.log(uploadError)
  } else {
    console.log(file, " uploaded.")
  }
}

run(process.cwd() + "/test.txt")

Basically this is a simplified version of a github action I made for myself: https://github.com/Torwent/supabase-upload It was working fine for a long time but suddenly stopped working and I have no idea why... I haven't changed policies in my buckets, and the code didn't change either until today that I started running tests to see if I could find out what was going on. I tried both logged in as a user and without, none work. I've even tried making a brand new bucket but it just won't work... what could it be that I'm doing wrong?

also, I get no errors with that code, but no files are actually uploaded

Okay it actually seems to be a problem with my policies because if I remove them it works... but I didn't change anything 😅 I'll try to figure this out

Hey

Does anyone know how the supabase

.or

function is supposed to work?

Does anyone know how the supabase

or

how can i sort a list with inner?

So I'm trying to do authenticated Supabase queries from Next.js API routes. I have an API route set up to store my cookie:

import { NextApiRequest, NextApiResponse } from "next";

import { supabase } from "@/utils/supabaseClient";

const handler = (req: NextApiRequest, res: NextApiResponse) => {
  supabase.auth.api.setAuthCookie(req, res);
};

export default handler;

Then I have a listener that calls this endpoint on every client side supabase auth change

import { useEffect, useState, createContext, useContext } from 'react';
import { Session } from '@supabase/supabase-js';

import { supabase } from '@/utils/supabaseClient';

export const UserContext = createContext(null);

export function UserContextProvider(props: any) {
  const [session, setSession] = useState<Session | null>(null);

  useEffect(() => {
    const session = supabase.auth.session();
    setSession(session);

    const { data: authListener } = supabase.auth.onAuthStateChange(async (event, session) => {
      setSession(session);
      await fetch('/api/auth', {
        method: 'POST',
        body: JSON.stringify({ event, session }),
        headers: {
          'Content-Type': 'application/json',
        },
      });
    });

    return () => {
      authListener?.unsubscribe();
    };
  }, []);

  const value = {
    session,
  };

  return <UserContext.Provider value={value} {...props} />;
}

export function useSession() {
  const context = useContext(UserContext);
  return context;
}

Now I would expect that I can just query Supabase normally in all my API routes. However, that's not the case. If I do that it treats queries like those from unauthenticated users. If I add those lines to my API handler everything works as expected:

const handler = async (req: NextApiRequest, res: NextApiResponse) => {
  const { token } = await supabase.auth.api.getUserByCookie(req);
  supabase.auth.setAuth(token ?? '');

  // ...

Why do I need this and is there a way to get rid of it?

how can i sort a list with inner

I'm running into an issue with this code

const res = await supabaseClient.auth.api.signInWithEmail(email, password)
if (res.data === null) {
    throw new Error('data is null')
}
if (res.error !== null) {
    throw res.error
}
jwt == res.data.access_token
supabaseClient.auth.setAuth(res.data.access_token)

const {error: signOutError} = await supabaseClient.auth.api.signOut(jwt)
expect(signOutError).toBeNull()

I get a problem with `signOutError`:

expect(received).toBeNull()

Received: {"message": "Invalid token: token contains an invalid number of segments", "status": 401}

What is going on here? I would expect to be able to the

access_token

on the session to log out. I did inspect the JWT and it is valid when signed with the default localhost secret:

"super-secret-jwt-token-with-at-least-32-characters-long"

Ah, this might have been my rubber ducky debug moment... If I make this change:

const authSession = supabaseClient.auth.setAuth(res.data.access_token)
jwt = authSession.access_token

then I think it works

actually, my problem may have been

jwt == res.data.access_token

instead of

jwt = res.data.access_token

... d'oh! sorry for spam

my supabase cli fails with exit code 1 when trying to deploy functions. It was working yesterday, and suddenly, stopped

Is anyone else experiencing this issue?

Hi somebody know why the function

supabase.auth.onAuthStateChange((event, session)

is called twice with the event

SIGNED_IN

. There is some way to avoid or distingue between btoh calls ??