S
Supabase2mo ago
Muezz

Hook requires authorization token

I think it is not relevant but just for context I am setting up password-less auth using magic links in my project. I have a custom auth hook in my local running instance for sending emails. I am getting this following error: 
[NEXT] Unknown error occurred: Error [AuthApiError]: Hook requires authorization token
[NEXT]     at handleError (../../../src/lib/fetch.ts:102:9)
[NEXT]     at async _handleRequest (../../../src/lib/fetch.ts:195:5)
[NEXT]     at async _request (../../../src/lib/fetch.ts:157:16)
[NEXT]     at async SupabaseAuthClient.signInWithOtp (../../src/GoTrueClient.ts:976:27)
[NEXT]     at async (src/server/api/routers/auth.ts:47:25)
[NEXT]     at async (src/server/api/trpc.ts:122:18)
[NEXT]   45 |     .mutation(async ({ input }) => {
[NEXT]   46 |       const sp = await createClient();
[NEXT] > 47 |       const { error } = await sp.auth.signInWithOtp({
[NEXT]      |                         ^
[NEXT]   48 |         email: input.email,
[NEXT]   49 |         options: {
[NEXT]   50 |           emailRedirectTo: env.NEXT_PUBLIC_SITE_URL, {
[NEXT]   __isAuthError: true,
[NEXT]   status: 500,
[NEXT]   code: 'unexpected_failure'
[NEXT] }
[NEXT] ❌ tRPC failed on auth.loginWithMagicLink with input {"email":"my_email@gmail.com"}: Something went wrong
[NEXT] [TRPC] auth.loginWithMagicLink with input {"email":"my_email@gmail.com"} took 1236ms to execute
[NEXT]  POST /api/trpc/auth.loginWithMagicLink?batch=1 500 in 1349ms
[NEXT] Unknown error occurred: Error [AuthApiError]: Hook requires authorization token
[NEXT]     at handleError (../../../src/lib/fetch.ts:102:9)
[NEXT]     at async _handleRequest (../../../src/lib/fetch.ts:195:5)
[NEXT]     at async _request (../../../src/lib/fetch.ts:157:16)
[NEXT]     at async SupabaseAuthClient.signInWithOtp (../../src/GoTrueClient.ts:976:27)
[NEXT]     at async (src/server/api/routers/auth.ts:47:25)
[NEXT]     at async (src/server/api/trpc.ts:122:18)
[NEXT]   45 |     .mutation(async ({ input }) => {
[NEXT]   46 |       const sp = await createClient();
[NEXT] > 47 |       const { error } = await sp.auth.signInWithOtp({
[NEXT]      |                         ^
[NEXT]   48 |         email: input.email,
[NEXT]   49 |         options: {
[NEXT]   50 |           emailRedirectTo: env.NEXT_PUBLIC_SITE_URL, {
[NEXT]   __isAuthError: true,
[NEXT]   status: 500,
[NEXT]   code: 'unexpected_failure'
[NEXT] }
[NEXT] ❌ tRPC failed on auth.loginWithMagicLink with input {"email":"my_email@gmail.com"}: Something went wrong
[NEXT] [TRPC] auth.loginWithMagicLink with input {"email":"my_email@gmail.com"} took 1236ms to execute
[NEXT]  POST /api/trpc/auth.loginWithMagicLink?batch=1 500 in 1349ms
Here is the relevant section in my config.toml file: 
[auth.hook.send_email]
enabled = true
# Uncomment this line and comment the next line to use local development hook
uri = "http://host.docker.internal:3000/api/v2/public/emails/supabase"
# uri = "https://dashboard.my_project.io/api/v2/public/emails/supabase"
secrets = "env(SEND_EMAIL_HOOK_SECRET)"
[auth.hook.send_email]
enabled = true
# Uncomment this line and comment the next line to use local development hook
uri = "http://host.docker.internal:3000/api/v2/public/emails/supabase"
# uri = "https://dashboard.my_project.io/api/v2/public/emails/supabase"
secrets = "env(SEND_EMAIL_HOOK_SECRET)"
What could be the reason for this? The error goes away if I remove the auth hook.
19 Replies
garyaustin
garyaustin2mo ago
Maybe show your hook code.
Muezz
MuezzOP2mo ago
import { sendEmail } from "@/lib/emails/send";
import EmailTemplate from "@/lib/emails/templates/supabase/reset-password";
import { env } from "@/lib/env";
import { Webhook } from "standardwebhooks";

export async function POST(request: Request) {
  const hookSecret = env.SEND_EMAIL_HOOK_SECRET.replace("v1,whsec_", "");
  const payload = await request.text();
  const headers = Object.fromEntries(request.headers);
  const wh = new Webhook(hookSecret);
  try {
    const {
      user,
      email_data: { token, token_hash, redirect_to, email_action_type },
    } = wh.verify(payload, headers) as {
      user: {
        email: string;
      };
      email_data: {
        token: string;
        token_hash: string;
        redirect_to: string;
        email_action_type: string;
        site_url: string;
        token_new: string;
        token_hash_new: string;
      };
    };

    await sendEmail({
      from: "My App <team@dashboard.my_app.io>",
      to: [user.email],
      subject: "Reset Your Password on My App Dashboard",
      react: EmailTemplate({
        token,
        token_hash,
        redirect_to,
        email_action_type,
      }),
    });
  } catch (error) {
    console.log(error);
    return Response.json(
      { error },
      { status: 401 },
    );
  }

  return Response.json(
    {},
    { status: 200 },
  );
}
import { sendEmail } from "@/lib/emails/send";
import EmailTemplate from "@/lib/emails/templates/supabase/reset-password";
import { env } from "@/lib/env";
import { Webhook } from "standardwebhooks";

export async function POST(request: Request) {
  const hookSecret = env.SEND_EMAIL_HOOK_SECRET.replace("v1,whsec_", "");
  const payload = await request.text();
  const headers = Object.fromEntries(request.headers);
  const wh = new Webhook(hookSecret);
  try {
    const {
      user,
      email_data: { token, token_hash, redirect_to, email_action_type },
    } = wh.verify(payload, headers) as {
      user: {
        email: string;
      };
      email_data: {
        token: string;
        token_hash: string;
        redirect_to: string;
        email_action_type: string;
        site_url: string;
        token_new: string;
        token_hash_new: string;
      };
    };

    await sendEmail({
      from: "My App <team@dashboard.my_app.io>",
      to: [user.email],
      subject: "Reset Your Password on My App Dashboard",
      react: EmailTemplate({
        token,
        token_hash,
        redirect_to,
        email_action_type,
      }),
    });
  } catch (error) {
    console.log(error);
    return Response.json(
      { error },
      { status: 401 },
    );
  }

  return Response.json(
    {},
    { status: 200 },
  );
}
garyaustin
garyaustin2mo ago
I would log out your hook secret in the function. Seems like it is not getting to the webhook call.
Muezz
MuezzOP2mo ago
I did that just now in the first line of the function. It seems this api is even being called at all by supabase. The error is happening before that imo.
garyaustin
garyaustin2mo ago
Also looking at the code from the guide it uses Deno.env not sure that is critical or not. Your edge function is not running? Not going to be much help as this appears to be a local dev environment. Not exactly sure what your uri is pointing to, but there may be multiple ways to do this. https://supabase.com/docs/guides/auth/auth-hooks?queryGroups=language&language=http#local-development
No description
garyaustin
garyaustin2mo ago
I guess you are not using an edge function.
Muezz
MuezzOP2mo ago
My uri points to my own nextjs api. I am not using an edge function. I dont think that should be an issue. I could be wrong...
garyaustin
garyaustin2mo ago
Not messed with local hooks. The error seems to be though the webhook library call not having the token.
Muezz
MuezzOP2mo ago
That is why I think it must be something else. Since the api is being called from inside supabase sdk, the addition of the auth token in the header is not under my scope, right?
garyaustin
garyaustin2mo ago
This is the token you generated for the webhook and stored in the env data I believe.
garyaustin
garyaustin2mo ago
I'm thinking it is that:
No description
Muezz
MuezzOP2mo ago
Oh. That token is definitely in my env file. I am passing it in the config file too: 
[auth.hook.send_email]
enabled = true
# Uncomment this line and comment the next line to use local development hook
uri = "http://host.docker.internal:3000/api/v2/public/emails/supabase"
# uri = "https://dashboard.my_project.io/api/v2/public/emails/supabase"
secrets = "env(SEND_EMAIL_HOOK_SECRET)" # <----- right here
[auth.hook.send_email]
enabled = true
# Uncomment this line and comment the next line to use local development hook
uri = "http://host.docker.internal:3000/api/v2/public/emails/supabase"
# uri = "https://dashboard.my_project.io/api/v2/public/emails/supabase"
secrets = "env(SEND_EMAIL_HOOK_SECRET)" # <----- right here
garyaustin
garyaustin2mo ago
Right. I'm just saying I think the error is that Webhook call saying it is not getting it. Do you have any other auth webhooks running?
Muezz
MuezzOP2mo ago
No. That is the only one.
garyaustin
garyaustin2mo ago
The error message is clearly saying a hook is getting the error, and you don't pass in any sort of JWT token, just the secret. Nothing in your code seems to generate the message, but I guess you also say it is not running.
Muezz
MuezzOP2mo ago
Just to confirm, I tested with a random webhook from webhook.site too jsut now and it did not get any event. I will test another thing now. I will comment out the secrets line to see how it behaves
garyaustin
garyaustin2mo ago
I guess there could be something going wrong in the supabase auth code at the point it calls your hook (hence the hook requires part of the error).. But I don't know how you would cause the Auth API call to not have a token. That message though in quotes "Hook requires authorization token" does not appear on the web....
Muezz
MuezzOP2mo ago
Yeah. I googled it too and did not find anything. Alright. So I fixed it. You were right. That secret was not being passed correctly. There were two issues actually: - I was resetting and not restarting my local instance (silly mistake) - so any config changes were not taking effect. - I was not passing the env file to those commands. I feel like if the config file uses env(SOME_ENV_VAR), it should be throwing an error for it if it cant find it. Anyway, thanks for pointing me in the right direction.
garyaustin
garyaustin2mo ago
Sometimes I amaze myself stumbling thru stuff I've never used... Glad it helped.

Did you find this page helpful?