How to handle unregistered users?

expected :
prevent user from going through protected pages when the user is not even in the dashboard (the owner have to assign their email only to be able to login and using the app)

what's happen :
user be able to see protected page even they not fully logged (and the console thrown "/auth/callback?error=access_denied&error_code=signup_disabled&error_description=Signups+not+allowed+for+this+instance"

login function

login function

export async function login() {
  "use server";

  const supabase = await createClient();
  const header = await headers();
  const origin = header.get("origin");

  const { data, error } = await supabase.auth.signInWithOAuth({
    provider: "google",
    options: {
      queryParams: {
        access_type: "offline",
        prompt: "consent",
      },
      redirectTo: `${origin}/auth/callback`,
    },
  });

  if (error) {
    console.log(error);
    redirect("/auth/error");
  }

  console.log(data);
  redirect(data.url);
}

export async function login() {
  "use server";

  const supabase = await createClient();
  const header = await headers();
  const origin = header.get("origin");

  const { data, error } = await supabase.auth.signInWithOAuth({
    provider: "google",
    options: {
      queryParams: {
        access_type: "offline",
        prompt: "consent",
      },
      redirectTo: `${origin}/auth/callback`,
    },
  });

  if (error) {
    console.log(error);
    redirect("/auth/error");
  }

  console.log(data);
  redirect(data.url);
}

middleware.ts

middleware.ts

export async function updateSession(request: NextRequest) {
  // ...

  const {
    data: { user },
  } = await supabase.auth.getUser();

  const publicRoutes = ["/", "/auth/login", "/auth/logout", "/auth/error"];
  const isPublicRoute = publicRoutes.includes(request.nextUrl.pathname);

  if (!user && !isPublicRoute) {
    // no user, potentially respond by redirecting the user to the login page
    const url = request.nextUrl.clone();
    url.pathname = "/auth/login";
    return NextResponse.redirect(url);
  }

  return supabaseResponse;
}

export async function updateSession(request: NextRequest) {
  // ...

  const {
    data: { user },
  } = await supabase.auth.getUser();

  const publicRoutes = ["/", "/auth/login", "/auth/logout", "/auth/error"];
  const isPublicRoute = publicRoutes.includes(request.nextUrl.pathname);

  if (!user && !isPublicRoute) {
    // no user, potentially respond by redirecting the user to the login page
    const url = request.nextUrl.clone();
    url.pathname = "/auth/login";
    return NextResponse.redirect(url);
  }

  return supabaseResponse;
}

- NextJS: 15.5.6
- @supabase/ssr: 0.7.0
- @supabase/supabase-js: 2.76.1

How to handle unregistered users?

login function

login function

export async function login() {
  "use server";

  const supabase = await createClient();
  const header = await headers();
  const origin = header.get("origin");

  const { data, error } = await supabase.auth.signInWithOAuth({
    provider: "google",
    options: {
      queryParams: {
        access_type: "offline",
        prompt: "consent",
      },
      redirectTo: `${origin}/auth/callback`,
    },
  });

  if (error) {
    console.log(error);
    redirect("/auth/error");
  }

  console.log(data);
  redirect(data.url);
}

export async function login() {
  "use server";

  const supabase = await createClient();
  const header = await headers();
  const origin = header.get("origin");

  const { data, error } = await supabase.auth.signInWithOAuth({
    provider: "google",
    options: {
      queryParams: {
        access_type: "offline",
        prompt: "consent",
      },
      redirectTo: `${origin}/auth/callback`,
    },
  });

  if (error) {
    console.log(error);
    redirect("/auth/error");
  }

  console.log(data);
  redirect(data.url);
}

middleware.ts

middleware.ts

export async function updateSession(request: NextRequest) {
  // ...

  const {
    data: { user },
  } = await supabase.auth.getUser();

  const publicRoutes = ["/", "/auth/login", "/auth/logout", "/auth/error"];
  const isPublicRoute = publicRoutes.includes(request.nextUrl.pathname);

  if (!user && !isPublicRoute) {
    // no user, potentially respond by redirecting the user to the login page
    const url = request.nextUrl.clone();
    url.pathname = "/auth/login";
    return NextResponse.redirect(url);
  }

  return supabaseResponse;
}

export async function updateSession(request: NextRequest) {
  // ...

  const {
    data: { user },
  } = await supabase.auth.getUser();

  const publicRoutes = ["/", "/auth/login", "/auth/logout", "/auth/error"];
  const isPublicRoute = publicRoutes.includes(request.nextUrl.pathname);

  if (!user && !isPublicRoute) {
    // no user, potentially respond by redirecting the user to the login page
    const url = request.nextUrl.clone();
    url.pathname = "/auth/login";
    return NextResponse.redirect(url);
  }

  return supabaseResponse;
}

- NextJS: 15.5.6
- @supabase/ssr: 0.7.0
- @supabase/supabase-js: 2.76.1

How to handle unregistered users?

How to handle unregistered users?

Similar Threads

Similar Threads

Similar Threads