Always getting the error "Auth session missing!" when signing in

[ColinEspinas]

Hello, I've been trying to get supabase auth working on a Nuxt3 project and always get the "Auth session missing!" message from this line: https://github.com/nuxt-community/supabase-module/blob/6d05b9383bd3c9b039e5f7ca17beba8a50812b2a/src/runtime/server/api/session.ts#L17

I was wondering if I had missed something to setup the session? This maybe a beginner issue as I'm just getting into Nuxt3, I've not found anything about authentication sessions on the docs.

Thanks for your time, have a great day.

EDIT: It seems I'm getting the error only when I'm coming from a sign up confirmation link not for "normal sign in".

[larbish]

Hey @ColinEspinas, can you please provide a reproduction ? I did not manage to reproduce it using supabase magic link (is it what you called "sign up confirmation link" ?)

[ColinEspinas]

Hello @larbish, Here is a link to my current projects repository (https://github.com/ColinEspinas/supabase-nuxt). To set it up, you'll need to make a .env file with the variables indicated in the module's documentation (https://supabase.nuxtjs.org/#installation).

The steps to reproduce are:

• Try to sign up with email/password
• Get your sign up confirmation link to your email
• Click on the link
• Get the session error in the console

Hope it's clear enough, have a great day.

[frasza]

I have same issue using GitHub provider.

[frasza]

I have noticed yesterday that it started working out after updating my nuxt dependency.

[ColinEspinas]

Hello, @frasza, which one did you update? I don't think this can be a solution for me as I'm running on the latest tag for the time being on nuxt3: https://github.com/ColinEspinas/supabase-nuxt/blob/ee0341db7dcf82cc3f8110386cb1126ca1212e5a/package.json#L13

[larbish]

@ColinEspinas Can you please update to the last version of the module (0.1.8) ? I tried on your repo, it was ok for me. Let me know !

[frasza]

@ColinEspinas Honestly I am not sure. I was playing around for 30 minutes and everything was done step by step, same code as example in the docs, it didn't work. I was playing with different version at the end I installed latest back again and it started working, without touching the code itself.

[ColinEspinas]

@larbish I'll try updating to 0.1.8 once I'm back from work didn't see the release as it is not tagged in releases yet.

[larbish]

The tag was available anyway. Just created the release 😀

[ColinEspinas]

@larbish Updating to 0.1.8 gives me an error when I run npm run dev (nuxi dev).

ERROR  Cannot start nuxt:  Cannot read properties of undefined (reading 'public')                                                                                    20:44:44

  at setup (node_modules/@nuxtjs/supabase/dist/module.mjs:33:32)
  at Object.normalizedModule (node_modules/@nuxt/kit/dist/index.mjs:577:29)
  at async installModule (node_modules/@nuxt/kit/dist/index.mjs:392:3)
  at async initNuxt (node_modules/nuxt3/dist/index.mjs:1343:7)
  at async load (node_modules/nuxi/dist/chunks/dev.mjs:6759:9)
  at async Object.invoke (node_modules/nuxi/dist/chunks/dev.mjs:6801:5)
  at async _main (node_modules/nuxi/dist/cli.mjs:46:20)

I can't run the project anymore. Seems like this commit https://github.com/nuxt-community/supabase-module/commit/260ebc7be39dfa65902ad4fe6a49639c99a69da8 causing an issue?

[larbish]

@ColinEspinas Are you using the latest nuxt3 version ?

[ColinEspinas]

@larbish Yes, I'm running on the latest version.

PS: You've got the link to my repo in a previous message, here is the package.json I'm using https://github.com/ColinEspinas/supabase-nuxt/blob/master/package.json

[ColinEspinas]

Okay, it works, I've removed the package lock and reinstalled all my deps. Seems like I was ~10 commits behind.

But I'm still getting the original error "Auth session missing!".

[ColinEspinas]

@larbish Just done more research and it seems that the session being null is an expected behavior (https://supabase.com/docs/reference/javascript/auth-signup#notes).

If so we shouldn't get an error from this. It seems like disabling the email confirmations is the only way not to have any errors. That's a shame, I'm sure this feature is used a lot and should work out of the box.

Tell me if I can do anything else to help. I'll be happy to get this to work.

[thorwebdev]

At the point the route is called, the session should exist, as it is only called upon the SIGNED_IN event being fired. Can you send a screenshot of the network request to this route and specifically the payload? @larbish do you have a link to the code that calls the API route?

[larbish]

Thanks for the help @thorwebdev. We're listening on the onAuthStateChange event and calling the API route on change: https://github.com/nuxt-community/supabase-module/blob/main/src/runtime/plugins/supabase.client.ts#L23

[thorwebdev]

Yep, that looks all good. Not sure why for @ColinEspinas the request would send null for the session. @ColinEspinas can you provide some screenshots of the network tab with the payload in sight?

[mwohlan]

I was able to reproduce the "Auth session missing!" error: when multiple tabs of the same app are open with the onAuthStateChange listener active. Only the tab with the active login has a session != null here:

  // Once Nuxt app is mounted
  nuxtApp.hooks.hook('app:mounted', () => {
    // Listen to Supabase auth changes
    client.auth.onAuthStateChange(async (event: AuthChangeEvent, session: Session | null) => {
      await setServerSession(event, session)
      user.value = client.auth.user()
    })
  })
})

The others will throw the error because the session is null, but will get the user anyways, because it has been handled by the active login tab. When no tab besides the active login tab of the same app is open, the error is not thrown.

So maybe simply return here instead of throwing an error ?

if (signEvent === 'SIGNED_IN') {
    if (!session) { throw new Error('Auth session missing!') }
    setCookie(
      event,
      `${cookieOptions.name}-access-token`,
      session.access_token,
      {
        domain: cookieOptions.domain,
        maxAge: cookieOptions.lifetime ?? 0,
        path: cookieOptions.path,
        sameSite: cookieOptions.sameSite
      }
    )
  }

[larbish]

The throw is there to prevent a wrong behaviour, I don't think that removing it is a solution. @thorwebdev What do you think ?

[mwohlan]

The throw is there to prevent a wrong behaviour, I don't think that removing it is a solution. @thorwebdev What do you think ?

a simple return would also stop the execution of the function. The question is if there are any other cases where the signEvent is present but the session is missing other than having multiple tabs of the same app open. If not, than this is not really an error but rather expected behaviour ?

[larbish]

@mwohlan Do you still reproduce this issue ?

[soymartinez]

for those using server-side components and client-side components, be sure to use the correct method.

Next.js example:

// Client side

'use client'

export const useSupabase = () => {
    const context = useContext(Context)

    if (context === undefined) {
        throw new Error('useSupabase must be used inside SupabaseProvider')
    }

    return context
}

// Server side 

import { createServerComponentSupabaseClient } from '@supabase/auth-helpers-nextjs'
import { headers, cookies } from 'next/headers'

export const useSupabaseServer = async () => {
    const supabase = createServerComponentSupabaseClient({
        headers,
        cookies,
    })

    return {
        supabase,
    }
}