How does signing on client side make user available on server side automatically in auth-helper?
I see we get user server side in nextjs by
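```ts
import type { NextApiRequest, NextApiResponse } from 'next'
import { createServerSupabaseClient } from '@supabase/auth-helpers-nextjs'

export default async (req: NextApiRequest, res: NextApiResponse) => {
  const supabaseServerClient = createServerSupabaseClient<Database>({ req, res })
  const { data: { user } } = await supabaseServerClient.auth.getUser()
}
```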
I want to know how user is automatically available here?
- I never set user server side while signing client side.
- Also I never used `onAuthStateChange` client side
- I never set any supabase cookies in req object sent to next js API route
Issue Analytics
- State:
- Created a year ago
- Comments:7 (1 by maintainers)
One more thing, cookies are vulnerable to XSS when they are not HttpOnly 😉
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#httponly-attribute
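A way to check the HttpOnly point raised above, as an added example that is not part of the original thread or of the auth-helpers code: it parses `Set-Cookie` response headers and reports which cookies page scripts can read. The cookie names and values are constructed sample data, and `parseSetCookie` and `auditCookies` are hypothetical helper names.

```javascript
// Added example: audit Set-Cookie headers for attributes that limit exposure.
// All cookie names and values below are constructed sample data.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    httpOnly: false,
    secure: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    const [key, value = ''] = attr.split('=');
    switch (key.trim().toLowerCase()) {
      case 'httponly': cookie.httpOnly = true; break;
      case 'secure': cookie.secure = true; break;
      case 'samesite': cookie.sameSite = value.trim().toLowerCase(); break;
    }
  }
  return cookie;
}

function auditCookies(headers) {
  return headers.map(parseSetCookie).map((c) => {
    const issues = [];
    if (!c.httpOnly) issues.push('readable via document.cookie (no HttpOnly)');
    if (!c.secure) issues.push('sent over plain HTTP (no Secure)');
    if (!c.sameSite) issues.push('no explicit SameSite');
    else if (c.sameSite === 'none' && !c.secure) issues.push('SameSite=None requires Secure');
    return { name: c.name, issues };
  });
}

// Constructed headers: a script-readable token, a hardened session, a bare cookie.
const sampleHeaders = [
  'example-auth-token=abc; Path=/; SameSite=Lax; Secure',
  'example-session=xyz; Path=/; HttpOnly; Secure; SameSite=Lax',
  'example-legacy=1; Path=/',
];

for (const { name, issues } of auditCookies(sampleHeaders)) {
  console.log(name, issues.length ? issues : 'ok');
}
```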
Thanks, @hf for your detailed answer.
Before you released this package I built a solution to sync Remix session cookies with the browser’s Supabase client (mostly to use real-time). The idea was to get the session from the root loader and put it in a React Context (with an interval effect based on expires_in to trigger a Remix action and refresh the session).
I maintain a Remix stack around Supabase and Prisma and someone asked me if I could “replace” the hand-crafted thing I did, with your package. Because I previously had questions about security concerns, I wanted to be sure how it works 😇.
I’ll consider updating my stack to not scatter people with multiple ways to handle auth in Remix with Supabase.