permission denied for schema next_auth

Open unidesigner opened this issue 2 years ago • 12 comments

Adapter type

@next-auth/supabase-adapter

Environment

System:
  OS: Linux 5.19 Ubuntu 22.10 22.10 (Kinetic Kudu)
  Container: Yes
  Shell: 5.2.2 - /bin/bash
Binaries:
  Node: 19.8.1 - /usr/bin/node
  Yarn: 1.22.19 - /usr/bin/yarn
  npm: 9.5.1 - /usr/bin/npm
npmPackages:
  @next-auth/supabase-adapter: ^0.2.1 => 0.2.1
  "next-auth": "^4.20.1",

Reproduction URL

https://github.com/nextauthjs/next-auth-example

Describe the issue

Permission denied to access supabase next_auth schema after following documentation.

How to reproduce

I followed the instructions on https://next-auth.js.org/adapters/supabase setting up a project on supabase, using the NextAuth Schema Setup in the SQLEditor and added the next_auth schema in the API config as exposed schema.

When I run the project with npm run dev, however, I get an error in the console:

[next-auth][error][adapter_error_getSessionAndUser] 
https://next-auth.js.org/errors#adapter_error_getsessionanduser permission denied for schema next_auth {
  code: '42501',
  details: null,
  hint: null,
  message: 'permission denied for schema next_auth'
}
[next-auth][error][SESSION_ERROR] 
https://next-auth.js.org/errors#session_error permission denied for schema next_auth UnknownError [GetSessionAndUserError]: permission denied for schema next_auth

I explored the issue and found that if I set the schema permission to anon in supabase

grant usage on schema next_auth to postgres, anon, service_role;

I get another error, now only for the session table.

https://next-auth.js.org/errors#adapter_error_getsessionanduser permission denied for table sessions {
  code: '42501',
  details: null,
  hint: null,
  message: 'permission denied for table sessions'
}
[next-auth][error][SESSION_ERROR] 

Expected behavior

I don't know if anything changed in Supabase with their roles, but I think this should work out of the box with the given templates, and not require granting public anon access to the schema and tables.

Mar 22 '23 15:03 unidesigner

I'm running into the same error. Were you able to find a solution or workaround for this issue?

Mar 28 '23 07:03 wilkieE

No, unfortunately not.

Mar 28 '23 07:03 unidesigner

Any fix get found here? I am seeing the same thing.

Apr 05 '23 20:04 conarwelsh

Same problem! Any solution?

May 11 '23 06:05 shubhxms

I used service key instead of the anon key and the problem went away. https://authjs.dev/reference/adapter/supabase#configure-authjs

May 11 '23 17:05 majknez

> I used service key instead of the anon key and the problem went away. https://authjs.dev/reference/adapter/supabase#configure-authjs

Isn't that a huge security problem? That bypasses row level security.

Anyone find a real solution to this?

Jun 10 '23 18:06 arscroggin

> > I used service key instead of the anon key and the problem went away. https://authjs.dev/reference/adapter/supabase#configure-authjs
>
> Isn't that a huge security problem? That bypasses row level security.
>
> Anyone find a real solution to this?

I didn't find a solution to this other than providing the service key. At the end the service key you provide is handled on the backend.

Jun 10 '23 18:06 majknez

@arscroggin It's a real solution.

This key has the ability to bypass Row Level Security. Never share it publicly.

Which means you should store it as an environment variable / secret in the backend.

Sep 18 '23 08:09 dnikomon

same

Edit by maintainer bot: Comment was automatically minimized because it was considered unhelpful. (If you think this was by mistake, let us know). Please only comment if it adds context to the issue. If you want to express that you have the same problem, use the upvote 👍 on the issue description or subscribe to the issue for updates. Thanks!

Feb 02 '24 01:02 darlleylzp

Had the same problem: turns out auth.uid() will produce the same output (at least for me it does) as next_auth.uid() and you can use this instead

Mar 31 '25 06:03 mathers101

The solution to this IS to just use the SERVICE_ROLE_KEY

Set it as an env variable in your build env. It should NOT be visible to the client.

They literally say this here: https://authjs.dev/getting-started/adapters/supabase?_gl=1fbem8r_gcl_au*MTI0MDg0MTkzNi4xNzQ0OTc0MzM2LjMwMTQ5NzMyNi4xNzQ0OTg4Mzk1LjE3NDQ5ODgzOTQ.

Apr 19 '25 03:04 Milind220
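
A pre-flight check for the key swap discussed in the comments above, as an added example that is not part of the thread or of next-auth: it decodes the role claim of the key handed to the adapter and flags a service_role key stored under a NEXT_PUBLIC_ name. The environment variable names and the JWT key format are assumptions.

```javascript
// Added example, not from the thread. Assumes Supabase API keys in JWT form,
// whose payload carries a "role" claim ("anon" or "service_role"). The payload
// is only decoded to read that claim; no signature is verified.
function keyRole(key) {
  const parts = String(key || "").split(".");
  if (parts.length !== 3) return null; // not JWT-shaped
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return typeof payload.role === "string" ? payload.role : null;
  } catch {
    return null; // payload was not base64url-encoded JSON
  }
}

// env: object shaped like process.env. secretVar: the variable passed as the
// adapter's `secret` option (the name is an assumption; use your own).
function checkAdapterEnv(env, secretVar = "SUPABASE_SERVICE_ROLE_KEY") {
  const problems = [];
  const role = keyRole(env[secretVar]);
  if (role !== "service_role") {
    problems.push(`${secretVar} decodes to role "${role}", expected "service_role"`);
  }
  // Next.js inlines NEXT_PUBLIC_* variables into the browser bundle, so a
  // service_role key under such a name is readable by every visitor.
  for (const [name, value] of Object.entries(env)) {
    if (name.startsWith("NEXT_PUBLIC_") && keyRole(value) === "service_role") {
      problems.push(`${name} exposes a service_role key to the client`);
    }
  }
  return problems;
}

// Constructed keys with a fake signature; these are not real credentials.
function fakeKey(role) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ iss: "supabase", role })}.constructed`;
}

// Constructed environment: the anon key sits where the service key belongs
// (the swap a commenter above describes undoing).
const sampleEnv = {
  NEXT_PUBLIC_SUPABASE_URL: "https://project-ref.example",
  NEXT_PUBLIC_SUPABASE_ANON_KEY: fakeKey("anon"),
  SUPABASE_SERVICE_ROLE_KEY: fakeKey("anon"),
};
console.log(checkAdapterEnv(sampleEnv));
```

Run it with `process.env` in place of `sampleEnv` at server start or in CI; an empty array means the adapter key has the service role and no browser-exposed variable carries it.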

Why is this not closed? This is ancient and solved.

Apr 19 '25 03:04 Milind220