Check out the full playlist to learn about Postgres Views, Functions, Triggers and RLS: kzbin.info/www/bejne/f4C8d4ZjZ9F5oLc

Already outdated

is supabase fix that weird spam log in SvelteKit supabase ssr package?

The github link is not updated based on the code written here.

why in the middleware didn't you have to exclude the "/auth/callback" route too? Every time the sign-in process starts, an intermediate redirection to that route ("auth/callback") will happen to exchange the code for the session token, and at that point the user is not retrieved yet -> so the middleware is invoked -> user is redirected to login again always

Your videos are so solid Jon! Keep up your incredible contribution to the community :D

can you in middleware also have information added to custom JWT token, like user's subscription tier? thanks!

Will you update the docs as well?

Hey thanks for this. I have literally set up everything using auth helpers with cookies, from signup form to middleware to callback. Im using the NextJS approuter with basic email and pass signup offered by supabase atm. Do you plan to do a simple migration video on that as well?

hi, i have this message in my middleware Failed to parse cookie string: SyntaxError: Unexpected token 'b', "base64-eyJ"... is not valid JSON The error occurs because the supabase jwt is not a json string, I have already checked on github and I cannot find an explanation.

[EDIT 13:45 - This was addressed] Very nice, but my understanding is that putting auth in Layouts is insecure. You need to use Middleware to keep is secure.

Is there a way to do "Remember me" checkboxes with supabase auth? I haven't seen any docs or instructions on how to do this properly.

why db postgress and not supabase, it is confusing becuase is calling db from vercel so which db is this from ?

@supabase i have exact same setup But facing a issue fom past 1 week I am using supabase auth and supabase db with NExt.js and in my API route I couldn't able to access user using getUser method session is also null when consoled, due to which I am unable to seed the db with user ID please help all possible ways I tried but now couldn't find a way to get out of this

Can I still use this or do I need to change to 'getAll()' and 'setAll()'?

Hey Jon, great video. I'm using middleware to protect my routes, but one super annoying thing is the supabase types still show that my user might be undefined and I have to handle that everywhere. I'd love some way of telling the supabase client that the user is guaranteed via nextjs middleware on specific routes.

I love your humor in the video! 🤣

This means you have to make 2 calls on every request to Supabase, even when there is no user. This solution has slowed down all server apps! The SvelteKit version does not do this.

Can you please cover storage with Next.js?

can someone help me how to get the rows which are added today based on the created_at

I have a barbershop table and a customer table in my project. A customer is related to a barbershop, and I prefer separate authentications, how would I do this?

4:40 "any logic we add before this return statement is going to be run for any of the child routes of this component". This is not true. Layouts do not rerun if you navigate between routes that are underneath them. If you put this auth check high up it may never rerun unless you do a hard refresh. I know you did end up using middleware at the end of the video but I honestly don't understand why you even show the layout way in the first place. Again, it doesn't rerun for all route changes, doesn't support static rendering and most of all is just not secure at all due to how streaming of RSCs work.

The login redirect check at 15:10: if (!user && !request.nextUrl.pathname.startsWith('/login') { return NextResponse.redirect(new URL('/login', request.url)); } is different than the same check in the repo: if (!user) { return NextResponse.redirect(new URL('/login', request.url)); } Why is that?

If I build a web3 auth flow how can I submit that to the team for integration?

Please do the same for SolidJs

hat is back :)

I see a change in auth/callback to auth/confirm in the docs the real problem the GitHub of the update use the old version, but the docs show the new way of do. Wait for me work about this or someone resolve. haha

The Right Way to do Auth with the Next.js: I've just started using Astro instead

Please do the Svelte equivalent

Docs need to be kept upto date

why you jump so much...

I would love to see how we can build proper role based authorization

how would you validate routes? some routes are plublic others are not, should we do an util with an array of “includes”|"startsWith"?

why doesn't supabase just work on an official nextjs adapter?

I just uploaded a video today which involves supabase auth and I was like wth changed🤣🤣. Glad it was just that

Outdated ! Do not use this

Does the middleware also run on api routes and auth/callback route? Is the validation needed for those routes?

Extremely helpful, thank you Supabaggins!

Nice, I have always imagine there could be a new way Auth will be handled in the Supabase and NextJs, there's now a slight change compared to when using the -e with-supabse of create-next-app in the utils middleware, let me go and edit my previous project accordingly, Thanks John 👌

Wouldn't the env variables be exposed to the client if prefixed with "NEXT_PUBLIC"? Is that not a security vulnerability?

The docs show the middleware refreshing the token and storing it, but wouldn't it also be possible to include the if (!user) redirect to /login inside the middleware as well to do both?

The right Way to do Auth starts with docs that don't require the same cognitive load to find the Right Way to do Auth & not having to revert to a video about the The Right Way to do Auth. Your docs? all over the shop, zero version separation from Pages to App router as well as client server & the search functionality is so slow making it unusable.

The github repo has not been updated to include this new way of protecting in middleware right? Would love to take a closer look.

Do you create a new client on every request? Or just create it once and use it for all requests?

I wish supabase had ttl so i could switch over

Can you also make an updated tutorial on RBAC?

hope show some love for svelte

Mmm ok, so I'm a little confused, I used the create-next-app -e with-supabase and the starting code has no logic for protecting the app trough the middleware, so I guess he means that the starter code only sets up the app "except" the protection of pages? I thing this should be part of the starter code, as this information is not even on the supabase documentation yet! Otherwise, great video, I can finally correctly secure my pages.

What about oauth handler 😂 There’s no session yet when you get there. Haven’t you just prohibited the access on that route as well?

We can call signInWithOAuth on the client side securely right? You're just doing it on the server for SSR?

you used middleware to refresh expired cookie. but middleware has caching, which has a possibility to miss expired cookie. how can i make middleware check every request? Checking user in Middleware everytime looks inefficient...

Can anyone explain why it’s ok for middleware to make a call to getUser every time? Every single route will have to make a fetch to Supabase in middleware? I thought this was bad practice? Does refreshing the session (getUser) in this case just mean getting a new JWT?

Have the official examples on the website been adapted? If so, the link please :)

I have a question How do you suggest to to do with trpc and trpc context Lets say I have an app where I created protectedRoutes (based on authentication and role of user) Should I still call those supabase methods in server/client components and pass the cookies to this procedures or how it should be done the proper way?