You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Leveraging supabase-js and Auth Hooks configured in the Supabase dashboard, the results are inconsistent. When retrieving a session with supabase.auth.getSession() the session.user does not line up with the JWT inside session.access_token. (For reference, the auth.users table is not populated with any raw_user_metadata.)
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Supabase Dashboard: Auth Hook is configured to add to user_metadata claim.
Client Side:
On the client side, retrieve the session with supabase.auth.getSession() returning a session object.
session.access_token JWT contains modified user_metadata. (Validated by decoding session.access_token)
session.user has overlap with the token on a few attributes, but most notable the user_metadata and app_metadata are from the backend, instead of extracted from the token.
Expected behavior
Ideally outcome would be that session.user contains the merge of the user data received from the backend, as well as the decoded access_token.
System information
Version of supabase-js: 2.39.3
Version of Node.js: 20
Additional context
This might possibly be an issue with the gotrue project, where the backend API should return the additional claims developed in the auth hook to the client.
The text was updated successfully, but these errors were encountered:
Bug report
Describe the bug
Leveraging
supabase-jsand Auth Hooks configured in the Supabase dashboard, the results are inconsistent. When retrieving a session withsupabase.auth.getSession()thesession.userdoes not line up with the JWT insidesession.access_token. (For reference, theauth.userstable is not populated with anyraw_user_metadata.)To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
user_metadataclaim.Client Side:
supabase.auth.getSession()returning asessionobject.session.access_tokenJWT contains modifieduser_metadata. (Validated by decodingsession.access_token)session.userhas overlap with the token on a few attributes, but most notable theuser_metadataandapp_metadataare from the backend, instead of extracted from the token.Expected behavior
Ideally outcome would be that
session.usercontains the merge of the user data received from the backend, as well as the decoded access_token.System information
Additional context
This might possibly be an issue with the gotrue project, where the backend API should return the additional claims developed in the auth hook to the client.
The text was updated successfully, but these errors were encountered: