feat: add support for retrieving user session #338

Merged
merged 2 commits into from
Mar 29, 2024

joeychilson
Contributor

Types of changes

  • Bug fix (a non-breaking change which fixes an issue)
  • New feature (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Description

This PR adds a new composable and server context for retrieving the user's session. This works exactly like the User composable and server context but returns the full session information instead of just the user's information. This is useful if you want to send the user's JWT token to an external server for authentication use.

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes (if not applicable, please state why)

netlify bot commented Mar 28, 2024

👷 Deploy request for n3-supabase pending review.

Visit the deploys page to approve it

🔨 Latest commit: 2698c01

@larbish
Collaborator

larbish commented Mar 28, 2024

Hey @joeychilson, LGTM concerning code. Can you update the doc?

@joeychilson
Contributor Author

@larbish I added the updated docs.

larbish merged commit 07eb081 into nuxt-modules:main on Mar 29, 2024

@larbish
Collaborator

larbish commented Mar 29, 2024

Thanks for this PR @joeychilson 🙏

Just so you know, you missed the SSR sync for the session, I fixed it here: 9dee37e

@XStarlink

Hello @larbish and @joeychilson,

Thanks for this lib and for your work!

I've been using nuxt-supabase for a few months now and I see a lot of 'Unauthorized' in my server logs, and I've experienced this myself several times in my app. Let me explain:

It seems that the refresh token doesn't work in some cases, and that the user isn't disconnected when he should be in order to get a new auth token and be authenticated again, but he's no longer authenticated and can still make calls in the app because the auth middleware sees him as authenticated when he's not.

While searching I found this discussion:
getSession vs getUser

So I looked in the Supabase documentation to see the difference between getUser and getSession, and saw that it says not to use getSession on the server side:

"Since unencrypted session data is retrieved from local storage media, do not consider it a reliable data source on the server. It can be modified by the sender. If you need verified and reliable user data, call getUser instead."

I'm writing to you because when I read the code of this lib, I saw that only getSession is used, even on the server side.

What do you think? Shouldn't serverSupabaseUser use getUser instead of getSession?
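
The concern raised in the comment above, as an added example that is not part of the PR or the nuxt-supabase code base: a session object read as received reports whatever user it contains, while checking the access token's signature and expiry first does not. The function names, HS256 signing with a shared secret, and all sample values are assumptions made for an offline demo; the local check stands in for the validation that getUser delegates to the Auth server.

```javascript
// Added example. All tokens, ids and the secret are constructed for illustration.
const crypto = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');
const fromB64url = (text) => JSON.parse(Buffer.from(text, 'base64url').toString('utf8'));
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical helper standing in for the auth server: mint an HS256 access token.
function signToken(claims, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Pattern questioned in the thread: believe the session object as received.
function userIdFromSession(session) {
  return session.user.id;
}

// Alternative: ignore session.user, authenticate the token, then read its claims.
function userIdFromVerifiedToken(session, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(session.access_token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (fromB64url(head).alg !== 'HS256') return null; // pin the algorithm
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = fromB64url(body);
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null; // expired token
    return typeof claims.sub === 'string' ? claims.sub : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed sessions, evaluated against a fixed clock.
const SECRET = 'constructed-demo-secret';
const NOW = 1711700000;
const genuine = { access_token: signToken({ sub: 'user-123', exp: NOW + 3600 }, SECRET), user: { id: 'user-123' } };
const edited = { ...genuine, user: { id: 'someone-else' } }; // user object changed by the sender
const [h, , s] = genuine.access_token.split('.');
const rewritten = { ...edited, access_token: `${h}.${b64url(JSON.stringify({ sub: 'someone-else', exp: NOW + 3600 }))}.${s}` };
const expired = { access_token: signToken({ sub: 'user-123', exp: NOW - 60 }, SECRET), user: { id: 'user-123' } };

for (const [name, session] of Object.entries({ genuine, edited, rewritten, expired })) {
  console.log(name, userIdFromSession(session), userIdFromVerifiedToken(session, SECRET, NOW));
}
```

The `expired` case matches the symptom described in the comment: the unverified read still reports a user, while the verified read returns `null`.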
