Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@supabase/ssr does not have cookie parsing/serialization from CookieAuthStorageAdapter #649

Closed
2 tasks done
prabhpreet opened this issue Oct 12, 2023 · 2 comments
Closed
2 tasks done

@supabase/ssr does not have cookie parsing/serialization from CookieAuthStorageAdapter #649

prabhpreet opened this issue Oct 12, 2023 · 2 comments

Comments

@prabhpreet
Copy link

prabhpreet commented Oct 12, 2023
edited
Loading

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Auth helpers for the supported frameworks use CookieAuthStorageAdapter to parse and serialize auth-token and code-verifier cookies. When using @supabase/ssr (when using your own SSR framework), ServerCookieMethods provide methods to get, set and delete cookies , but do not automatically parse the cookies for consumption for the StorageAdapter used by the SupabaseClient.

To Reproduce

  1. Configure PKCE based login method (OAuth) provider in your Supabase app
  2. Use your own SSR framework, with methods/libraries to store cookies. Create a server side login page to initiate login with the auth provider using supabaseClient.auth.signInWithOAuth method. Make sure to use the createServerClient function to create a server side client from the @supabase/ssr package, with your SSR framework's cookie storage methods as a options.cookies parameters with the type ServerCookieMethods to store/parse the cookies.
  3. Use the supabaseClient, and implement callback route in SSR to enable PKCE auth flow, and exchange code for session tokens using the supabaseClient.auth.exchangeCodeForSession method.
  4. Test out the login, and inspect the cookies- the client will fail to find the cookie suffixed with core-verifier even though it will exist in the browser (or there might be parsing errors in the format the cookie was saved as).

Expected behavior

The ServerCookieMethods set method should receive the final serialized cookies expected by the supabaseClient on deserialization, and vice-versa on the get method.

Screenshots

N/A

System information

Additional context

I'm implementing a solve by using CookieAuthStorageAdapter from @supabase/auth-helpers-shared. However, CookieAuthStorageAdapter needs to use this PR (feat: allow promises in CookieAuthStorageAdapter #609) to allow for an async get ServerCookieMethods method.
@prabhpreet prabhpreet added the bug Something isn't working label Oct 12, 2023
@prabhpreet prabhpreet mentioned this issue Oct 12, 2023
Closed
@silentworks silentworks removed the bug Something isn't working label Oct 23, 2023
@silentworks
Copy link
Contributor

Addressed this in the PR that was opened. Closing this out.

@ANGdesarrollo
Copy link

How did you solve this problem? @silentworks . Im logging in with ssr but i cant set the cookie

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@silentworks @prabhpreet @ANGdesarrollo