SupabaseS
Supabase2mo ago
qwrts

How to handle unregistered users?

expected :
prevent user from going through protected pages when the user is not even in the dashboard (the owner have to assign their email only to be able to login and using the app)

what's happen :
user be able to see protected page even they not fully logged (and the console thrown "/auth/callback?error=access_denied&error_code=signup_disabled&error_description=Signups+not+allowed+for+this+instance"


login function
export async function login() {
  "use server";

  const supabase = await createClient();
  const header = await headers();
  const origin = header.get("origin");

  const { data, error } = await supabase.auth.signInWithOAuth({
    provider: "google",
    options: {
      queryParams: {
        access_type: "offline",
        prompt: "consent",
      },
      redirectTo: `${origin}/auth/callback`,
    },
  });

  if (error) {
    console.log(error);
    redirect("/auth/error");
  }

  console.log(data);
  redirect(data.url);
}


middleware.ts
export async function updateSession(request: NextRequest) {
  // ...

  const {
    data: { user },
  } = await supabase.auth.getUser();

  const publicRoutes = ["/", "/auth/login", "/auth/logout", "/auth/error"];
  const isPublicRoute = publicRoutes.includes(request.nextUrl.pathname);

  if (!user && !isPublicRoute) {
    // no user, potentially respond by redirecting the user to the login page
    const url = request.nextUrl.clone();
    url.pathname = "/auth/login";
    return NextResponse.redirect(url);
  }

  return supabaseResponse;
}


  • NextJS: 15.5.6
  • @supabase/ssr: 0.7.0
  • @supabase/supabase-js: 2.76.1
Was this page helpful?