Supabase Auth getSession or onAuthStateChange to getUser

I've added Supabase OTP authentication and noticed in the console that I am getting the following error:

Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() events could be insecure! This value comes directly from the storage medium (usually cookies on the server) and may not be authentic. Use supabase.auth.getUser() instead which authenticates the data by contacting the Supabase Auth server.
2 Replies
kapa.ai, 9h ago
Hi @Leftovers. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base.

I'm sorry, but the knowledge sources provided do not contain explicit information about the security differences between using Supabase's getSession, onAuthStateChange, and getUser methods, nor do they discuss the warning about using the user object from getSession or onAuthStateChange being potentially insecure.

The sources do mention using Supabase authentication in Nuxt and some related configuration and testing strategies, but they do not address this specific security concern or recommend using getUser for authenticated user data.

If you need authoritative guidance on this warning, I recommend consulting the official Supabase documentation or reaching out to the Supabase community for clarification.

Note: you can ask me a follow-up question by @ mentioning me again.
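
The two patterns named in the warning, contrasted in an added example that is not part of the original thread and is not Supabase's own code. `makeStubClient`, `userFromSession`, `userFromAuthServer` and the sample data are constructed for illustration; only the `auth.getSession()` / `auth.getUser()` call and return shapes are taken from supabase-js, and the stub stands in for the real client so the example runs offline.

```javascript
// Added example. makeStubClient is a constructed stand-in that mimics only the
// return shapes of supabase-js auth.getSession()/auth.getUser(); it is not supabase-js.
function makeStubClient(storedSession, authServerTokens) {
  return {
    auth: {
      // Like getSession(): hands back whatever is in storage, unverified.
      async getSession() {
        return { data: { session: storedSession }, error: null };
      },
      // Like getUser(): the Auth server (here a Map) says who the token belongs to.
      async getUser() {
        const user = authServerTokens.get(storedSession?.access_token);
        return user
          ? { data: { user }, error: null }
          : { data: { user: null }, error: new Error("invalid token") };
      },
    },
  };
}

// Pattern the warning flags: identity read from the stored session object.
async function userFromSession(supabase) {
  const { data } = await supabase.auth.getSession();
  return data.session?.user ?? null;
}

// Pattern the warning recommends: identity confirmed by the Auth server.
async function userFromAuthServer(supabase) {
  const { data, error } = await supabase.auth.getUser();
  if (error || !data.user) return null; // treat the request as unauthenticated
  return data.user;
}

// Constructed sample: the token belongs to "u-1", but the stored user object was edited.
const tokens = new Map([["tok-abc", { id: "u-1", email: "a@example.test" }]]);
const tamperedSession = {
  access_token: "tok-abc",
  user: { id: "u-999", email: "admin@example.test" },
};

async function demo() {
  const client = makeStubClient(tamperedSession, tokens);
  const fromSession = await userFromSession(client);
  const fromServer = await userFromAuthServer(client);
  return { fromSession: fromSession.id, fromServer: fromServer.id };
}

demo().then(console.log);
```

In server-side code, authorization decisions should be based on the result of the `getUser()` path; the session object remains useful for non-sensitive purposes such as reading the access token to forward it.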
