SupabaseS
Supabase4y ago
user8923

Vercel serverless Node.js API (NOT Next.js) can't auth user with Supabase

supabase-js version: 2.0.4
using Vite (not create-react-app) if that makes a difference.

I'm trying to build an API using Vercel serverless functions (NOT a Next.js API). I can't seem to be able to retrieve the user object from within the API handler. I'm not sure what I'm doing wrong and I see no meaningful error message in the returned error object or the Supabase log. This is the error object:

error:  AuthApiError: Internal server error
    at C:\XXX\node_modules\@supabase\gotrue-js\src\lib\fetch.ts:41:16
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  __isAuthError: true,
  status: 500
}


The Supabase event that appears to be raised by the call (what is invalid claim: subject missing?):

{"component":"api","error":"invalid claim: subject missing","level":"error","method":"GET","msg":"Unhandled server error: invalid claim: subject missing","path":"/user","referer":"","remote_addr":"xxx.xxx.xxx.xxx","time":"2022-10-29T19:23:01Z","timestamp":"2022-10-29T19:23:01Z"}


And the code in the API handler:

const supabaseClient = createClient(supabaseUrl, supabaseKey);

const user = await supabaseClient.auth.getUser();


user is null and user.error contains the information pasted above.

I have no problem with auth in a Next.js API using createServerSupabaseClient from the auth-helpers-nextjs package.

Looking at the cookies, after authentication in the browser a cookie containing a JWT gets set in local storage. But the browser does not send that cookie along when requesting the API endpoint. The request headers do not contain the cookie. So I guess the API handler can't verify the user since there is nothing to verify.

I have no idea what's going on. Is this a bug or am I missing something obvious?
Was this page helpful?