Next.js SSR and row-level security

@kiwicopple Thanks a lot, supabase team is awesome!

Just a short clarification: I did use setAuthCookie and that was why I was able to call getUserByCookie inside getServerSideProps. As I commented above, I could then get user, but the following call to fetch the tables (i.g. const { data, error } = await supabase.from("")...) just return null data and undefined error when low-level security is set up.

I’m checking this ‘token’ that you just made available and will let you know. Thanks again!

I may not be understanding your question properly, so if not feel free to comment back

I just don’t know what to do to pass access_token to getServerSideProps

I assume that getServerSideProps is your own route? Ideally when you first authenticate the user you call setAuthCookie in a server route. This will create a cookie, which is then passed with all network requests.

After that, you can pull the user’s details out of the cookie - you don’t need to store access_token anywhere. I just updated the latest version of supabase-js to support getting the token directly from the cookie. It should work like this:

export async function getServerSideProps({ req }: any) {
  const { token, user } = await supabase.auth.api.getUserByCookie(req);

  if (!user) {
    return { props: {}, redirect: { destination: "/" } };
  }

  const { data, error } = await supabase.setAuth(token)
    .from("")
    ... 
   
}

I’ll close this one for now, but if there is a bug that you feel needs fixing just let me know and I’ll reopen