Using Next.js and Auth0 with Supabase

robertino.calcaterra · November 17, 2021, 3:59pm

Learn how to integrate Auth0 authentication with database storage and row-level security authorization in Supabase.
Read more…

Brought to you by our guest author Jon Meyers

robertino.calcaterra · November 17, 2021, 4:04pm

What’s up Devs! Please share any comments or feedback with us on this thread

juanzgc · November 19, 2021, 4:26am

Jon,
Thanks for this great article! One Typescript question:

export const getSupabase = (access_token?: any) => {
  const supabaseClient = createClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
  );

  if (access_token) {
    // Typescript error here
    supabaseClient.auth.session = () => ({
      access_token,
    });
  }

  return supabaseClient;
}

I’m getting the following Typescript error:

Type '{ access_token: any; }' is missing the following properties from type 'Session': token_type, userts(2739)

dijonmusters · November 19, 2021, 7:53am

konrad.sopala · November 19, 2021, 7:54am

Hey there @juanzgc!

Feel free to DM @dijonmusters about that through his Twitter profile that he provided

carl-ce · December 15, 2021, 9:17am

@dijonmusters this guide is now outdated based on the row level security updates in this release. I just spent a day trying to figure out why the RLS wouldn’t work . Could you update the documentation here?

For anyone else who finds this, you need to replace

create or replace function auth.user_id() returns text as $$
  select nullif(current_setting('request.jwt.claim.userId', true), '')::text;
$$ language sql stable;

with

create or replace function auth.user_id() 
returns text 
language sql stable
as $$
  select (current_setting('request.jwt.claims', true)::jsonb ->> 'userId')::text
$$;

konrad.sopala · December 15, 2021, 11:47am

Thanks a lot for sharing that with the rest of community!

robertino.calcaterra · December 17, 2021, 4:00pm

This topic was automatically closed after 29 days. New replies are no longer allowed.

konrad.sopala · March 7, 2022, 2:41pm

sevo · June 1, 2022, 1:33pm

Great article! This really helped kickstart an Auth0 - Supabase integration on a recent project.

Building from this example, however, what would be an approach to handle expired JWTs? By setting an expiration, like in the example, it seems like we are working against the settings configured in the Auth0 dashboard. Moreover, there is no mention in the article of how to deal with a session with an expired JWT.

mattschwarz · January 12, 2023, 4:10am

I think that this article has once again become outdated. I found luck following Supabase’s tutorial which is based off of this one, but seems updated. It includes an updated SQL function query for creating the proper auth.user_id() function, and a new pattern for passing the JWT token with requests when initializing the supabase client: https://supabase.com/docs/guides/integrations/auth0

konrad.sopala · January 12, 2023, 1:12pm

@robertino.calcaterra can you follow up on that? Thank you!

sevo · January 16, 2023, 7:18pm

I’ve solved my problem by setting AUTH0_SESSION_ABSOLUTE_DURATION to a value less than or equal to the expiration of the JWT signed for Supabase.

robertino.calcaterra · January 17, 2023, 11:32am

We are working closely with our Supabase folks on updating this post

konrad.sopala · January 17, 2023, 1:35pm

Thanks a lot for the update!

mattschwarz · January 18, 2023, 5:58am

Just for my clarity, are you saying you’re avoiding refreshing the Supabase token by simply expiring the Auth0 session before it or at the same time?

I ended up writing custom logic on the server side to:

check for a valid token with each request to the supabase client
if it’s invalid, await an asynchronous function that signs a new token to the user session and try again

^ Open to suggestions on that. Obviously it’s not a normal pattern like also generating a refresh token, but it seems to work as intended.