Thanks to visit codestin.com
Credit goes to github.com

Skip to content

permission denied for schema next_auth #7032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
unidesigner opened this issue Mar 22, 2023 · 12 comments
Open

permission denied for schema next_auth #7032

unidesigner opened this issue Mar 22, 2023 · 12 comments
Labels
adapters Changes related to the core code concerning database adapters supabase @auth/supabase-adapter triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

Comments

@unidesigner
Copy link

Adapter type

@next-auth/supabase-adapter

Environment

System:
OS: Linux 5.19 Ubuntu 22.10 22.10 (Kinetic Kudu)
Container: Yes
Shell: 5.2.2 - /bin/bash

Binaries:
Node: 19.8.1 - /usr/bin/node
Yarn: 1.22.19 - /usr/bin/yarn
npm: 9.5.1 - /usr/bin/npm

npmPackages:
@next-auth/supabase-adapter: ^0.2.1 => 0.2.1
"next-auth": "^4.20.1",

Reproduction URL

https://github.com/nextauthjs/next-auth-example

Describe the issue

Permission denied to access supabase next_auth schema after following documentation.

How to reproduce

I followed the instructions on https://next-auth.js.org/adapters/supabase setting up a project on supabase, using the NextAuth Schema Setup in the SQLEditor and added the next_auth schema in the API config as exposed schema.

When I run the project with npm run dev, however, I got an error from in the console

[next-auth][error][adapter_error_getSessionAndUser] 
https://next-auth.js.org/errors#adapter_error_getsessionanduser permission denied for schema next_auth {
  code: '42501',
  details: null,
  hint: null,
  message: 'permission denied for schema next_auth'
}
[next-auth][error][SESSION_ERROR] 
https://next-auth.js.org/errors#session_error permission denied for schema next_auth UnknownError [GetSessionAndUserError]: permission denied for schema next_auth

I explored the issue and found that if I set the schema permission to anon in supabase

grant usage on schema next_auth to postgres, anon, service_role;

I get another error, now only for the session table.

https://next-auth.js.org/errors#adapter_error_getsessionanduser permission denied for table sessions {
  code: '42501',
  details: null,
  hint: null,
  message: 'permission denied for table sessions'
}
[next-auth][error][SESSION_ERROR]

Expected behavior

I don't know if anything changed in supabase with their roles, but I think this should work out-of-the box with the given templates, and not require to grant public anon access to the schema and tables.
@unidesigner unidesigner added adapters Changes related to the core code concerning database adapters triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels Mar 22, 2023
@github-actions github-actions bot added the supabase @auth/supabase-adapter label Mar 22, 2023
@wilkieE
Copy link

wilkieE commented Mar 28, 2023

Im running into the same error. Were you able to find a solution or workaround for this issue?

@unidesigner
Copy link
Author

No, unfortunately not.

@conarwelsh
Copy link

any fix get found here? I am seeing the same thing

@shubhxms
Copy link

same problem! any solution?

@majknez
Copy link

majknez commented May 11, 2023
edited
Loading

I used service key instead of the anon key and the problem went away.
https://authjs.dev/reference/adapter/supabase#configure-authjs

@arscroggin
Copy link

I used service key instead of the anon key and the problem went away. https://authjs.dev/reference/adapter/supabase#configure-authjs

Isn't that a huge security problem? That bypasses row level security.

Anyone find a real solution to this?

@majknez
Copy link

majknez commented Jun 10, 2023

I used service key instead of the anon key and the problem went away. https://authjs.dev/reference/adapter/supabase#configure-authjs

Isn't that a huge security problem? That bypasses row level security.

Anyone find a real solution to this?

I didn't find a solution to this other than providing the service key. At the end the service key u provide is handled on the backend.

@dnikomon
Copy link
Contributor

@arscroggin It's a real solution.

This key has the ability to bypass Row Level Security. Never share it publicly.

Which means you should store it as an environment variable / secret in the backend.

@darlleylzp

This comment has been minimized.

Sign in to view
@mathers101
Copy link

Had the same problem: turns out auth.uid() will produce the same output (at least for me it does) as next_auth.uid() and you can use this instead

@Milind220
Copy link

The solution to this IS to just use the SERVICE_ROLE_KEY

Set it as a an env variable in your build env. It should NOT be visible to the client.

They literally say this here: https://authjs.dev/getting-started/adapters/supabase?_gl=1*fbem8r*_gcl_au*MTI0MDg0MTkzNi4xNzQ0OTc0MzM2LjMwMTQ5NzMyNi4xNzQ0OTg4Mzk1LjE3NDQ5ODgzOTQ.

Image

@Milind220
Copy link

Why is this not closed? this is ancient and solved

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
adapters Changes related to the core code concerning database adapters supabase @auth/supabase-adapter triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@unidesigner @conarwelsh @arscroggin @mathers101 @wilkieE @majknez @dnikomon @shubhxms @Milind220 @darlleylzp