Giters

supabase / auth-helpers

A collection of framework specific Auth utilities for working with Supabase.

Home Page:https://supabase.github.io/auth-helpers/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

cookieOption field "name" is not correctly working

cp-20 opened this issue · comments

commented

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I used createPagesBrowserClient for my application and set cookieOption to the below but stored cookie didn't change its name.

{
	name: 'some-cookie-name',
	secure: true,
	sameSite: "Lax",
	domain: "",
	path: "/",
}

I suspect that f7e5c2d makes this bug. Base cookie name passed to createClient of @supabase/supabase-js comes from option.auth.storageKey before this commit, but storageKey field is removed and nothing other is changed after it. Please consider reverting it or take another solution.

commented

This is blocking a migration from @supabase/auth-helpers-sveltekit (where the name option works) to ssr (where the name option no longer works). I can confirm that the name option has no effect on the cookie used for auth data.

commented

@cp-20 @fnimick we fixed this in the supabase/ssr package in #730 - i'll take a look at the other packages to see if the same bug is present there too

commented

@cp-20 @fnimick we fixed this in the supabase/ssr package in #730 - i'll take a look at the other packages to see if the same bug is present there too

I could be mistaken but #730 change applies to the serverClient but not browserClients which will still use sb-${new URL(this.authUrl).hostname.split('.')[0]}-auth-token. Without the change you made to the defaults on serverClient, it's still only going to be making "anon" requests and looking for different session.

Apparently this did exist at one point #677 but was reverted for unclear reason(s).

commented

Any reason it got reverted? I really need this

commented

Any reason it got reverted? I really need this

as a workaround, you need to manually set the storageKey and the cookie.name to the same value. or, don't use the beta ssr auth-helper

commented

Any reason it got reverted? I really need this

as a workaround, you need to manually set the storageKey and the cookie.name to the same value. or, don't use the beta ssr auth-helper

Thanks for the help.

what do you mean beta? afaik is the recommended way now? https://supabase.com/docs/guides/auth/server-side/migrating-to-ssr-from-auth-helpers

Also, about setting the storageKey, you mean patch the library myself? I do not see any storageKey param available

commented

hey @binury, thanks for catching that - i've made a fix for it in #746

commented

I can confirm that the issue lies within Supabase and not within my own application. I have thoroughly searched through the documentation, GitHub Discussions, and Discord for any relevant information.

Description of the Bug:

In my application, I utilized createPagesBrowserClient and set the cookieOption as shown below. However, despite this configuration, the stored cookie did not change its name:

{
    name: 'some-cookie-name',
    secure: true,
    sameSite: "Lax",
    domain: "",
    path: "/",
}

I suspect that the bug may be related to commit hash f7e5c2d. Prior to this commit, the base cookie name passed to createClient of @supabase/supabase-js was derived from option.auth.storageKey. However, after this commit, the storageKey field was removed and no other changes were made. I suggest considering a revert of this commit or exploring alternative solutions.