Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auth.getUser returns an error: Auth Session Missing v2.43.2 #948

Open
2 tasks done
NickG-NZ opened this issue Jun 2, 2024 · 39 comments
Open
2 tasks done

auth.getUser returns an error: Auth Session Missing v2.43.2 #948

NickG-NZ opened this issue Jun 2, 2024 · 39 comments
Labels
bug Something isn't working

Comments

@NickG-NZ
Copy link

NickG-NZ commented Jun 2, 2024

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

After upgrading from v2.38.4 to v2.43.2, calling auth.getUser in a NextJS route handler returns an AuthSessionMissing error for a logged in user (session cookie exists and is passed to the client).
It seems to be the same bug from issue supabase/supabase-js#1025 that was discovered and already fixed for edge functions. In this case it is happening when using the Supabase SSR library.

To Reproduce

Steps to reproduce the behaviour, please provide code snippets or a repository:

Run await supabaseAuthClient.auth.getUser() in a NextJS route-handler (or presumably any serverless runtime using a supabase SSR client)

Expected behavior

The user is returned.

Screenshots

If applicable, add screenshots to help explain your problem.

System information

  • OS: Ubuntu 22
  • Browser Chromium
  • Version of supabase-js: 2.43.2
  • Version of Node.js: 20

Additional context

Add any other context about the problem here.

@peterje
Copy link

peterje commented Jun 5, 2024

@NickG-NZ I also ran in to this yesterday intermittently Any resolution?

@NickG-NZ
Copy link
Author

NickG-NZ commented Jun 5, 2024

No resolution for us yet. We're sitting on an old version until the supabase team responds

@geoffreygarrett
Copy link

geoffreygarrett commented Jun 6, 2024

For what it's worth, I had the same error.

I manually inspected the cookies and found my cookies were not chunked correctly as [cookie-part.0, cookie-part.1] for some reason. Might be unrelated and a by-product of my cookie management, but I found: [cookie-part, cookie-part.0, cookie-part.1] where cookie-part==cookie-part.1. (yes I have sizeable cookies).

The cookie chunking algorithm, when provided with cookie-part will return cookie-part if it exists and ignore the enumerated chunks.

@vanceingalls
Copy link

@NickG-NZ which version of next.js are you on? seem to be running into the same issue with supabase-js 2.43.2 and any version of next.js above 14.0.4

@RickWoltheus
Copy link

can confirm this is also happening for me on supabase-js 2.43.4 and nextjs 14.0.4

@Donald646
Copy link

Same here I can't use .getUser() in serverless functions, or in API Routes.

@Donald646
Copy link

@RickWoltheus I'm running into the same problem. I installed the latest version, but when I downgrade it doesn't work anymore. I'm a relatively new dev, so how do I downgrade to a version that works?

@Donald646
Copy link

Screenshot 2024-06-14 at 12 11 22 AM

these are my dependencies when I run npm list.

@NickG-NZ
Copy link
Author

Screenshot 2024-06-14 at 12 11 22 AM these are my dependencies when I run npm list.

You haven't included your supabase-js version in the screenshot. The package that this Github issue is about (@supabase/supabase-js) should be in your dependencies.
I can't remember exactly which version breaks it, but my team is sitting on 2.38.4.

To switch to this particular version you would just run
npm install @supabase/supabase-js@2.38.4

@NickG-NZ
Copy link
Author

@NickG-NZ which version of next.js are you on? seem to be running into the same issue with supabase-js 2.43.2 and any version of next.js above 14.0.4

We're on 14.1.4. Are you saying that running an older version of NextJS fixes it?

@Donald646
Copy link

Screenshot 2024-06-14 at 12 53 23 AM

Your screen shot isn't working for me, but when I run npm list @supabase/supabase-js doesnt appear, but I have run the install.

@NickG-NZ
Copy link
Author

@Donald646 This is really unrelated to the current issue. Can you please try Google, GPT or StackOverflow.

@Donald646
Copy link

Going back to an older version of @supabase/supabase-js doesn't work for me. My local development is down, as users on the serverside is a core part of it. This issue has also been open for a while now, so I don't know when it's gonna be fixed.

@createdbymax
Copy link

Having the same issue on supabase-js 2.43.4.

@latifs
Copy link

latifs commented Jun 18, 2024

Hey Guys,

Having the same issue on:

  • @supabase/supabase-js 2.43.5
  • @supabase/ssr 0.3.0
  • next 14.2.3

Has anyone figured out which version introduces the breaking change?
Thanks

@NickG-NZ
Copy link
Author

@kangmingtay Seems there are a lot of people affected by this. Just want to make sure the supabase team is aware of it.

@latifs
Copy link

latifs commented Jun 19, 2024

This is insane,
looks like this issue has been reported months ago in lots of issues and discussions and nothing.
I've started watching firebase videos, they have postgres now!

@Donald646
Copy link

I've reached out to their support team directly, and they told me they have escalated this issue to the auth team. But no other fixes so far.

@tecoad
Copy link

tecoad commented Jun 22, 2024

This is freaking insane!
I have spent over 10 hours revisiting my codebase to find out this has nothing to do with the code.
Anyone figured out how to fix it?

@enzotar
Copy link

enzotar commented Jun 28, 2024

Similar here. If a route fetches using POST with body to another route, auth/cookies are lost. Works if I change it to redirect with GET and query params

"@supabase/ssr": "^0.4.0",
"@supabase/supabase-js": "^2.44.2",
 "next": "^14.2.4",

@zeropaper
Copy link

The strangest bit for me is that everything works fine locally.
However, it doesn't work with the remote (supabase).
My version of @supabase/supabase-js is 2.42.0.

My flow is the following:

  1. I make a request to login
    const { data, error } = await supabase.auth.signInWithPassword({
      email,
      password,
    });
    // this will work just fine:
    logger.debug(
      "login auth.getUser",
      JSON.stringify(await supabase.auth.getUser(), null, 2),
    );
    logger.debug(
      "login auth.getSession",
      JSON.stringify(await supabase.auth.getSession(), null, 2),
    );
    
    and respond with the data (that includes the access_token).
  2. Then I make another request to another endpoint (passing the access_token in the headers)
    const userClient = createClient(SUPABASE_URL, access_token);
    // this will fail. But not when done locally.
    const { data } = await userClient.auth.getUser();
    

@kangmingtay
Copy link
Member

kangmingtay commented Jul 4, 2024

hey everyone, we're investigating this issue - we made getUser() return null in this PR as to indicate that:

  1. The user doesn't exist
  2. The access token you're using is invalid (which used to return an invalid claim: missing sub claim) error

you should also be able to see any errors with the auth service in your project's auth logs (https://supabase.com/dashboard/project/_/logs/auth-logs) - specifically, you should be watching out for errors against the "/user" endpoint over the time period where getUser() returns null

@zeropaper i don't think you can pass the access_token as the key - can you try this instead?

const userClient = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
  auth: {
    autoRefreshToken: false,
    persistSession: false,
    detectSessionInUrl: false
  }
});
const { data } = await userClient.auth.getUser();

@denull0
Copy link

denull0 commented Jul 8, 2024

Similar here. If a route fetches using POST with body to another route, auth/cookies are lost. Works if I change it to redirect with GET and query params

"@supabase/ssr": "^0.4.0",
"@supabase/supabase-js": "^2.44.2",
 "next": "^14.2.4",

Changed POST to GET and cookies are now getting passed correctly.

Edit: It keeps on braking. The cookie are passed only sometimes.

@denull0
Copy link

denull0 commented Jul 11, 2024

It might be related to caching. I removed the staleTime of my React Query config and the cookie now persist and it's passed to the route handler with both GET and POST.

@caelinsutch
Copy link

Ran into this issue, downgrading to

    "@supabase/ssr": "0.3.0",
    "@supabase/supabase-js": "2.35.0",

didn't seem to fix it with "next": "14.2.4".

This is following the documentation and attempting to access current user in a page.tsx file and middleware

Was migrating a from Firebase but I guess we'll wait until this is figured out.

@hiroki-307
Copy link

I get an error when I call auth.getUser as follows using the browser client in Nextjs.

  const supabase = createClient()
  const { data, error } = await supabase.auth.getUser()

but when I did the same thing using the server client, no error occurred and it was handled correctly.

I implemented the browser client and server client according to the following link: https://supabase.com/docs/guides/auth/server-side/nextjs

I hope this helps.

@dukuo
Copy link

dukuo commented Jul 23, 2024

I'm getting the exact same error, is there a way to solve this another way?

@Shaun-Regenbaum
Copy link

I am experiencing these issues as well.

@denull0
Copy link

denull0 commented Jul 29, 2024

It seems this person is getting around the issues:

https://github.com/ElectricCodeGuy/SupabaseAuthWithSSR/tree/main

@caelinsutch
Copy link

It seems this person is getting around the issues:

https://github.com/ElectricCodeGuy/SupabaseAuthWithSSR/tree/main

This approach worked great - cookies().set() can only be called from server functions or endpoints so had to remove from being ran on server-side components which was throwing errors in prod

@hf
Copy link
Contributor

hf commented Aug 5, 2024

Hey everyone. Getting no user if the cookies are present means that you probably have an incorrect middleware.ts file. The middleware must run. If it doesn't the token will be refreshed multiple times causing the following refresh to fail.

Please follow the SSR guides to the dot. https://supabase.com/docs/guides/auth/server-side/creating-a-client?environment=server-component&queryGroups=framework&framework=nextjs

@J0 J0 transferred this issue from supabase/supabase-js Aug 27, 2024
@tomasmenezes
Copy link

Just started getting this error on the latest "@supabase/supabase-js": "^2.45.3". Rolling back to 2.45.1 seems to prevent it.

@elbarbi
Copy link

elbarbi commented Sep 10, 2024

Hi everyone, I have the same issue. It happened after a reset of the database, but I don't know if it is linked. Someone find a solution ?
Here is my discussion link:
https://github.com/orgs/supabase/discussions/29185

      '@supabase/ssr':
        specifier: ^0.3.0
        version: 0.3.0(@supabase/supabase-js@2.43.5)

@Roni750
Copy link

Roni750 commented Oct 8, 2024

Hey everyone. Getting no user if the cookies are present means that you probably have an incorrect middleware.ts file. The middleware must run. If it doesn't the token will be refreshed multiple times causing the following refresh to fail.

Please follow the SSR guides to the dot. https://supabase.com/docs/guides/auth/server-side/creating-a-client?environment=server-component&queryGroups=framework&framework=nextjs

You are definitely right about the middleware causing this issue (at least in my case). My middleware was just fine until I implemented protectedRoutes. It seems that the two asynchronous calls (one to updateSession from supabase/middleware, the other from my isAuthenticated custom function) caused this issue. Thank you for pointing that out, you're my saviour!

@sbhatm1213
Copy link

Facing this error still AuthSessionMissingError: Auth session missing! at http://localhost:3000/static/js/bundle.js:79331:20

Steps followed -
(1) Add Client ID and Secret on Supabase Google Auth Provider - Done
(2) Add Javascript origin - Done - http://localhost:3000/
(3) Add Redirect URI - Done - http://localhost:3000/auth/v1/callback and https://my-domain.supabase.co/auth/v1/callback
(4) Add code for onAuthStateChange - Done
(5) Try using const { data: { session } } = await supabase.auth.getSession() - Done - Doesn't work
(6) Try using const { data: { user } } = await supabase.auth.getUser() - Done - Doesn't work
(7) Try with different gotrue-js version - Done - "@supabase/supabase-js": {
"@supabase/gotrue-js": "2.43.1"
}
(8) Try on Firefox - Done - This works fine , so on Chrome is the problem

Same issue even with Azure

Although login happens, cannot get the session/user

@e-Naeim
Copy link

e-Naeim commented Oct 30, 2024

I'm getting same issue

@awseeley
Copy link

awseeley commented Nov 5, 2024

I had the same issue, after many hours of debugging I found I should be using the following client when signing in on the client
import { createBrowserClient } from "@supabase/ssr";

Instead of
import { createClient } from "@supabase/supabase-js";

Wasn't so clear in the docs!

@k2xl
Copy link

k2xl commented Nov 25, 2024

Adding a solution I found for my particular instance in case it helps.

I was returning a singleton for createClient() calls from my backend (since I was getting
Multiple GoTrueClient instances detected in the same browser context. It is not an error, but this should be avoided as it may produce undefined behavior when used concurrently under the same storage key. when running my jest tests. However, this was causing issues this auth session issue to happen to me (though strangely enough it didn't happen every time).

Anyway, getting rid of the singleton for createClient ended up resolving this for me

@harrisrobin
Copy link

I was facing this same issue, in my case it was because of a regression introduced in @supabase/auth-js:
#995

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests