getSession user data out of data with access_token #852

Open
2 tasks done
mr-menno opened this issue Feb 9, 2024 · 1 comment
Labels
auth bug Something isn't working

mr-menno commented Feb 9, 2024

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Leveraging supabase-js and Auth Hooks configured in the Supabase dashboard, the results are inconsistent. When retrieving a session with supabase.auth.getSession() the session.user does not line up with the JWT inside session.access_token. (For reference, the auth.users table is not populated with any raw_user_metadata.)

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Supabase Dashboard: Auth Hook is configured to add to user_metadata claim.

Client Side:

  1. On the client side, retrieve the session with supabase.auth.getSession() returning a session object.
  2. session.access_token JWT contains modified user_metadata. (Validated by decoding session.access_token)
  3. session.user has overlap with the token on a few attributes, but most notably the user_metadata and app_metadata are from the backend, instead of extracted from the token.

Expected behavior

Ideally, the outcome would be that session.user contains the merge of the user data received from the backend, as well as the decoded access_token.

System information

  • Version of supabase-js: 2.39.3
  • Version of Node.js: 20

Additional context

This might possibly be an issue with the gotrue project, where the backend API should return the additional claims developed in the auth hook to the client.
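The mismatch reported above can be checked programmatically by decoding the payload of session.access_token and diffing its metadata claims against session.user. This is an added example, not code from the issue or from supabase-js; the helper names, the sample session, and the `tenant` claim are constructed, and only the field names (access_token, user, user_metadata, app_metadata) come from the report.

```javascript
// Decode the payload segment of a compact JWT for inspection.
// This does NOT verify the signature, so the result must not drive authorization.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS: expected 3 segments");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// For each metadata field, list the keys whose values differ between
// the token's claims and the session.user object.
function metadataDrift(session) {
  const claims = decodeJwtPayload(session.access_token);
  const drift = {};
  for (const field of ["user_metadata", "app_metadata"]) {
    const fromToken = claims[field] || {};
    const fromUser = (session.user && session.user[field]) || {};
    const keys = new Set([...Object.keys(fromToken), ...Object.keys(fromUser)]);
    const differing = [...keys]
      .filter((k) => JSON.stringify(fromToken[k]) !== JSON.stringify(fromUser[k]))
      .sort();
    if (differing.length > 0) drift[field] = differing;
  }
  return drift;
}

// --- Constructed sample data (not taken from a real project) ---
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const sampleSession = {
  // Token whose user_metadata was extended by a hypothetical auth hook.
  access_token: [
    b64url({ alg: "HS256", typ: "JWT" }),
    b64url({ sub: "user-1", user_metadata: { tenant: "acme" }, app_metadata: { provider: "email" } }),
    "constructed-signature",
  ].join("."),
  // User object as returned by the backend, without the hook's additions.
  user: { id: "user-1", user_metadata: {}, app_metadata: { provider: "email" } },
};

console.log(metadataDrift(sampleSession));
```

On the server side, claims should be read only from a token whose signature has been verified, not from this inspection-only decode.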

@nirentuladhar

Any updates on this? We're facing the same issue.

charislam added the auth label Jun 24, 2024