A repo with NextJS, supabase and DAL pattern working example. Anyone have it?
Hey guys... i've been struggling for weeks with supabase to keep an alive user session but i keep failing at it and i already refactored whole website dozens of times using several approaches and still, no luck at all... does anyone have bare example of using supabase with nextjs and using DAL pattern - https://nextjs.org/docs/app/guides/data-security#data-access-layer - please? if possible, not using cookies since supabase does not recommend using it all... i've been using getClaims already and this is only slowing me down somehow...
what do you mean keep an alive user session?
user being logged out for not using its session after some time
do you want to log out a user after an inactive session or is your user already being logged out after some inactive time?
Managing session data is usually done by authentication -> session (if you are on pro plan)
the user is getting logged out in like, 5 minutes or less... and this is quite bad to deal with because I want my user to keep its session for at least 7 days if no activity.
By default Supabase clients (and SSR if being used) keep the user signed in "forever" barring a logout or security violation. Seems like you are doing something incorrectly is most likely issue.
so, i'm literally using the recommended way to use supabase - https://supabase.com/ui/docs/nextjs/client - and with DAL pattern on NextJS, nothing beyond that. but the users are getting disconnected from their session quite quickly
Sorry I don't know next.js or what DAL would impact. Just saying the way Supabase works is either the local storage or Cookies keep the access_token and refresh_token to keep restoring sessions even if the user closes and leaves. If running in a server/browser environment and using the Supabase SSR code https://supabase.com/docs/guides/auth/server-side then it also handles refreshing the token when the JWT expires.
The normal default for the life of a JWT is 1 hour also. So the access_token in the client should be good for 1 hour even if refresh was broken. Did you change your access token expire time (Dashboard Settings/JWT Keys)? But even if you changed it to 5 minutes, the refresh should keep it alive.
No, never changed that.
I'd change your title to reflect more your issue.
Unless @ihm40 has some more for you, you'll need to attract a user who can help. Many, many use next.js and don't have an issue with logout in 5 minutes.
well... basically i would only need an example of supabase with dal, to see where im doing something wrong. because many supabase examples are based on the deprecated way to get user data supabase.auth.getUser() instead the new supabase.auth.getClaims way. everything is set accordingly to this video - https://www.youtube.com/watch?v=rwnOal_xRtM - and still, no luck
Then add that to your title. Maybe a user has an example for you or has seen one. This is a user helping user forum.
Done! 🙂
quick question still in this matter... should I assume the examples on this page are outdated - https://supabase.com/docs/guides/auth/server-side/nextjs - and I should use getClaims instead of getUser? Just to understand if the video i sent here is right and this documentation should have an updated version or not. Just because of this doc - https://supabase.com/docs/reference/javascript/auth-getclaims - claims i should now use getClaims... the same happens with supabase error messages on terminal, they are still displaying getUser...
GetUser still works. The getClaims is an optimization and the Video shows replacing getUser with getClaims. That method with the new JWTs is only a few months old and many still use the old JWT's.
yes, getUser still works but it will be deprecated in October, right? so it doesn't make any sense to keep using it... right?
Where have you read it is deprecated? It is needed in certain cases regardless of getClaims.
GetUser goes to the DB and gets the actual user data from auth.users including fields not in the JWT. It also checks if the user still is signed in. GetClaims() just decodes the current JWT to make sure it is valid.
But I would expect them (Supabase) to update the guides to the new asymmetric JWTs and getClaims (where appropriate) as time goes on.
No, i did not say it is deprecated, i said it will start to be starting in October, as is stated here (see image), so I started to use it soon to not have any headaches in the future...
so, just to sum up, why am i getting disconnected from the application ? my application is using github social oauth + supabase auth + nextjs and the application doesn't get longer than 5 minutes logged in without activity?

GetUser is not deprecated and still works with the new keys. It is not going away. The current guides using it should still work with the new JWTs.
GetClaims is a faster method (mainly for SSR and server side code) to confirm the user session info and the JWT, but only works with the new keys (at least for performance gain). It would be good if the guides were updated to show this method for serverside code.
But this should have nothing to do with your issue.
It would be good if the guides were updated to show this method for serverside code.
i completely agree with you... a full working example with this new implementation would be amazing
And no one on this forum can fix that. This is a user helping user forum.
Well I guess a user could write a guide and try and get Supabase to adopt it.
But the "old" guide should work fine with getUser and the new JWT's.
It is not broken, just dated if you are using the new JWT's.
but anywhere I asked anyone to fix anything... I'm only asking for a working example so I can guide myself from there. I'm completely aware that anyone here is obligated to anything. The old guide should work but, something in the between, is making the user to be disconnected in 5 minutes or less, that's the main reason for opening this topic and nothing else.
but ok then, i will keep struggling here
I understand.
If I were you I would open a new topic and get back the focus on the issue.
I can't solve it as I don't use that, the other user has not come back and not sure they know. I doubt other users are going to look at this one now as very long and that usually makes people think it is being handled. But it is hit or miss if someone who can and is willing to help you debug spots it. My main point in the beginning was you don't have to do anything for the user to stay signed in, it is the default way things are supposed to work. SSR library (server/browser) and supabase-js (browser) handle it.
just to understand better ...
I can't solve it as I don't use that,
what exactly you don't use? the getClaims or github social auth? just to understand better
next.js
ah... no worries... i will try to figure it out around here somehow then.... thanks