migrate to new supabase ssr auth package #63
Conversation
|
Very cool! Are you planning on updating once you find the remaining issues you described in #29? I'll hold off a detailed CR until then, probably. |
|
Yes, I'll have a look at it in a few hours. |
|
It looks like the warnings originate from I wanted to make PR fixing this into the supabase/auth-ui, but it says it's in "Maintenance mode" which I suppose means that the PR would go unmerged for a while. So we have a few options here. I'd be interested in hearing which one would you prefer, @scosman
|
|
I'd been meaning to add those stripe_customers definitions back to this repo, so I noticed you also added an id prop. Should that also be added to the creation of that table? CMSaasStarter/database_migration.sql Line 27 in 7904d41 |
You're right, there should be no |
|
@kizivat can you check the security concern? I think I got them all. I completely removed the old method so would have caused build errors if not (I think). That's urgent because... security. Should split that out into the minimal PR if there is anything left. For the rest: on vacation so won't be able to review till next week! But excited to get this in. |
You're right, you got them all, just double checked. I didn't notice you've removed original |
|
Thanks again for this PR. Looks good for quality (not final pass but initial looks good). However: those errors sure are annoying! I do think almost all are originating in our code. The fix suggested here (bit too much of a hack for my liking) does reduce the volume by 95%: supabase/auth-js#873 (comment) - now the code in question does come straight from the supabase guide.... Lots of other folks have the issue too, including after following latest official guides: supabase/auth-js#873 I'm hoping they update docs and/or lib with an approved approach, and am inclined to wait for that. Better old system than one firing lots of security warnings. Also would take this if you can find a clean way to fix this. Potentially the forms you mention, and the a fix to getSafeSession like the ones suggested in the link above? |
|
This seems to be the issue we're waiting on: supabase/auth-js#888 |
|
@kizivat Does this change work with |
well, this change removes the |
|
haha, of course. Okay, let's wait until supabase/auth-js#888 is resolved then. |
|
Just wanted to add something to this pull request. I tried to migrate to the ssr auth myself, and I managed to suppress all warnings. By not using |
|
@mez0ru can you share the code? Is it really just a I had played around with this approach, but found it broke things (supabase expects session to have a user). I can't recall what though. I've seem similar options where they delete it, then replace it with the user from getUser, but the code was ugly and didn't look robust to future issues. |
|
I would like to, but my code is kinda messy and I already overwritten the template a bit. I'm still not 100% sure it supressed it, because there is a rare occasion of the log popping up after a while. When I'm sure I fixed it completely. I will try to replicate my setup on the template and share the code. The key I think, is never using session, instead use |
|
Try the change password functionality / settings too. I assume we need that there (but it's not fresh in my mind). |
This comment was marked as off-topic.
This comment was marked as off-topic.
As I commented on #29 there are still few
warnings being logged. I'm unable to locate where they are coming from atm, but I'm opening this draft PR in case someone would like to have a look.