
Auth across multiple subdomains

Open CPTJJ opened this issue 1 year ago • 8 comments

Hello, I would like to make my auth sync across multiple subdomains domain.com -> a.domain.com

Similarly to https://github.com/orgs/supabase/discussions/5742

Is there a convenient way to handle this via the nuxt module?

CPTJJ avatar Nov 09 '23 01:11 CPTJJ

I have the same question. Would be nice to have an answer in 2024

titusdecali avatar Jan 18 '24 06:01 titusdecali

Hi, we are solving this by passing the parent domain as the domain in the cookie options

supabase: {
    redirect: false,
    cookieOptions: {
        domain: process.env.NUXT_PUBLIC_COOKIE_DOMAIN,
    },
},

felixgabler avatar Apr 14 '24 06:04 felixgabler

> Hi, we are solving this by passing the parent domain as the domain in the cookie options
>
>     supabase: {
>         redirect: false,
>         cookieOptions: {
>             domain: process.env.NUXT_PUBLIC_COOKIE_DOMAIN,
>         },
>     },

Can you elaborate a little more on that? I've tried everything I can think of and I can't get it to work across subdomains. It still sets a value in localStorage, which prevents it from working across subdomains. How exactly are you signing the user in and then how are you getting the user value?

MalachiDraven avatar May 15 '24 16:05 MalachiDraven

For us, it just works by passing example.com as the NUXT_PUBLIC_COOKIE_DOMAIN. Then, we can sign in on sub1.example.com and it recognizes our user on sub2.example.com. We are signing them in using useSupabaseClient<Database>().auth.signInWithOAuth and useSupabaseClient<Database>().auth.signInWithPassword. Then, we use useSupabaseUser to get the user data.

felixgabler avatar May 15 '24 18:05 felixgabler
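Added example (not part of the thread and not the module's code): the cookie domain-matching rule from RFC 6265 that makes the parent-domain setting above work, next to the default host-only behaviour. It also shows that a cookie scoped to the parent domain is sent to every subdomain, so each of them has to be trusted with the session tokens. Function names are hypothetical and all hostnames are constructed sample values.

```javascript
// Added example: RFC 6265 cookie scoping for the setup discussed in the thread.
// All hostnames below are constructed sample values.

const isIp = (host) => /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');

// RFC 6265 section 5.1.3 domain-match: identical, or a suffix on a label boundary.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (h === d) return true;
  return !isIp(h) && h.endsWith('.' + d);
}

// A cookie set without Domain is host-only: it goes back to the setting host alone.
function cookieSentTo(cookie, requestHost) {
  if (cookie.domain === undefined) {
    return requestHost.toLowerCase() === cookie.setBy.toLowerCase();
  }
  return domainMatch(requestHost, cookie.domain);
}

// Which of the given hosts would receive the cookie (and so see the session tokens)?
function audience(cookie, hosts) {
  return hosts.filter((h) => cookieSentTo(cookie, h));
}

const hosts = [
  'example.com',
  'sub1.example.com',
  'sub2.example.com',
  'user-content.example.com', // constructed: a subdomain serving third-party content
  'badexample.com',           // shares a suffix but not a label boundary
];

// Default behaviour (no Domain attribute) versus the parent-domain setting.
const hostOnly = { name: 'access_token', setBy: 'sub1.example.com' };
const parentScoped = { name: 'access_token', setBy: 'sub1.example.com', domain: 'example.com' };

console.log('host-only     ->', audience(hostOnly, hosts));
console.log('Domain=parent ->', audience(parentScoped, hosts));
```

localStorage, by contrast, is partitioned per origin, so a value written on sub1.example.com is never visible on sub2.example.com.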

> For us, it just works by passing example.com as the NUXT_PUBLIC_COOKIE_DOMAIN. Then, we can sign in on sub1.example.com and it recognizes our user on sub2.example.com. We are signing them in using useSupabaseClient<Database>().auth.signInWithOAuth and useSupabaseClient<Database>().auth.signInWithPassword. Then, we use useSupabaseUser to get the user data.

Hmm, weird. I've tried doing the same exact thing. It does correctly recognize the access_token and refresh_token cookies for example.com, but there's ALSO a value saved to localStorage that the useSupabaseUser() reads from which messes everything up. For example, if you log into sub1.example.com, and then visit sub2.example.com, it'll show you as logged in which is correct - but then try logging out on either subdomain and the localStorage on the other domain won't be deleted so it'll start giving errors about the auth session not being found or something.

MalachiDraven avatar May 15 '24 19:05 MalachiDraven

> Hmm, weird. I've tried doing the same exact thing. It does correctly recognize the access_token and refresh_token cookies for example.com, but there's ALSO a value saved to localStorage that the useSupabaseUser() reads from which messes everything up. For example, if you log into sub1.example.com, and then visit sub2.example.com, it'll show you as logged in which is correct - but then try logging out on either subdomain and the localStorage on the other domain won't be deleted so it'll start giving errors about the auth session not being found or something.

I just tested this on our product and it correctly logs out across domains. I have to note that we are using an unpublished version from my PR #357. Wanna try it out too and see if it works there? @supabase/ssr does handle storing auth tokens a bit differently than this library originally did, I believe.

felixgabler avatar May 16 '24 07:05 felixgabler

> > Hmm, weird. I've tried doing the same exact thing. It does correctly recognize the access_token and refresh_token cookies for example.com, but there's ALSO a value saved to localStorage that the useSupabaseUser() reads from which messes everything up. For example, if you log into sub1.example.com, and then visit sub2.example.com, it'll show you as logged in which is correct - but then try logging out on either subdomain and the localStorage on the other domain won't be deleted so it'll start giving errors about the auth session not being found or something.
>
> I just tested this on our product and it correctly logs out across domains. I have to note that we are using an unpublished version from my PR #357. Wanna try it out too and see if it works there? @supabase/ssr does handle storing auth tokens a bit differently than this library originally did, I believe.

Oh yeah, that's definitely gotta be the solution! How can I use your version?

MalachiDraven avatar May 16 '24 13:05 MalachiDraven

> Oh yeah, that's definitely gotta be the solution! How can I use your version?

It is not easy at the moment, I had to use a git submodule and put this into nuxt.config.ts

export default defineNuxtConfig({
    modules: [
        // Local checkout of the module (git submodule) instead of the published package
        './modules/supabase-nuxt/src/module.ts',
        // ...
    ],
    // ...
})

felixgabler avatar May 16 '24 13:05 felixgabler