Fri, Dec 13, 8:32 AM

Switch to new API UI breaks my Supabase calls

  • mdxwired

    1 month ago

    Hey all... So, with no other changes, an API setup that was working moments before the switch to the new API UI, now gives me this error instead:
    "JWSError (CompactDecodeError Invalid number of parts: Expected 3 parts; got 2)"

    To be clear, my authentication was working 100%, and then it wasn't. Any thoughts on this?
  • mdxwired

    1 month ago

    Figured it out.

    By default, the previous methodology used to look for the JWT access token from login in the session cookies. Now, the new methodology defaults to looking for it in HTTP Only cookies. SO... one just needs to modify the auto-created API Bearer header to find the JWT in the correct place (session cookies).
  • Lucas G

    1 month ago

    Both APIs should use the same place 🤔 can you clarify how you were storing it?
  • Lucas G

    1 month ago

    This is more for me to understand*
  • Lucas G

    1 month ago

    @Kedde shouldn't they work the same or can you alleviate my ignorance 😬
  • Andreas Møller

    1 month ago

    No they should work the same.
  • mdxwired

    1 month ago

    Sadly, they do not for me. Also, the new methodology no longer seems to be passing my user id, which is breaking my policies on the database side. Is there some way in which I need to pass this more deliberately now?
  • mdxwired

    1 month ago

    By "my user id" I mean the one that is successfully returned from my toddle-based Supabase login.
  • mdxwired

    1 month ago

    image.png
    image.png
  • {"access_token":"xxxxxxxxxxxxxxObfuscatedxxxxxxxxxxxxxxxxxxxxxxx","token_type":"bearer","expires_in":3600,"expires_at":1731443652,"refresh_token":"h2oQFmesYqokInakEFkWVQ","user":{"id":"888deb53-4f88-4481-84dd-1e47cf2357b5","aud":"authenticated","role":"authenticated","email":"ssamples@somewhere.org","email_confirmed_at":"2024-08-18T02:42:49.232661Z","phone":"","confirmed_at":"2024-08-18T02:42:49.232661Z","last_sign_in_at":"2024-11-12T19:34:12.026143623Z","app_metadata":{"provider":"email","providers":["email"]},"user_metadata":{},"identities":[{"identity_id":"3e6dd4a1-745a-4f1d-86ff-fb4f42133662","id":"888deb53-4f88-4481-84dd-1e47cf2357b5","user_id":"888deb53-4f88-4481-84dd-1e47cf2357b5","identity_data":{"email":"ssamples@somewhere.org","email_verified":false,"phone_verified":false,"sub":"888deb53-4f88-4481-84dd-1e47cf2357b5"},"provider":"email","last_sign_in_at":"2024-08-18T02:42:49.224022Z","created_at":"2024-08-18T02:42:49.224081Z","updated_at":"2024-08-18T02:42:49.224081Z","email":"ssamples@somewhere.org"}],"created_at":"2024-08-18T02:42:49.216097Z","updated_at":"2024-11-12T19:34:12.041149Z","is_anonymous":false}}
  • mdxwired

    1 month ago

    I had been using the in-built Authorization setup, rather than header-based, which was grabbing my session cookie just fine... and I did not seem to need to expressly send my user_id. Worked Great!! Not sure what I am doing wrong now after the UI switch.
    image.png
  • Erik Beuschau

    1 month ago

    Hi @mdxwired
    What does your new API request look like? Does it include the Authorization header? In case you published any of the migrated APIs it's always possible to do a rollback.
  • mdxwired

    1 month ago

    Yes, I got the Authorization header to work, by referencing the session cookie instead of the HTTP Only cookies. So, the Supabase server recognizes me as authorized... it is just not returning any records due to a policy that says

    on "public"."user_profiles"
    to authenticated
    using (
    (owner = auth.uid())
    );

    Which, again, worked fine right before I migrated. Not blaming anyone. Just assuming that I am doing something wrong now.
  • Somehow, the auth.uid is no longer being automatically 'picked up' from the access token. No clue why.
  • Erik Beuschau

    1 month ago

    so your Authorization header looks something like this?
    Screenshot_2024-11-12_at_21.00.01.png
  • mdxwired

    1 month ago

    Actually, when it looked like that, it did not work. Mine now looks like this...
    It does not show the variable in the interface, but seems to still be passing it, I think.
    image.png
  • mdxwired

    1 month ago

    image.png
  • mdxwired

    1 month ago

    image.png
  • Erik Beuschau

    1 month ago

    If you're storing the access_token in session storage, I guess it doesn't really make sense for you to use the Set session cookies action (which sets a cookie). Also, if you're using session storage, you need to be aware that the request cannot run during server side rendering (since session storage is only available in the browser). So you might want to disable SSR for your request (if that's currently enabled). It should still be possible to use our proxy although it's also not strictly needed if you have the token in session storage.
  • mdxwired

    1 month ago

    OK. So, to avoid all of this nonsense... where should I be storing my token so that the upgrades to the API containers will just work the first time? I can adjust the storage much more easily than trying to accommodate the way that I first learned.
  • ...instead of this:
    image.png
  • mdxwired

    1 month ago

    Sorry. Frustrated because I followed a tutorial to get to where I got... and now it appears that was not where I should have been.
  • Erik Beuschau

    1 month ago

    I would recommend:
    - Ensure you have the toddle browser plugin installed
    - Use the Set Session Cookies action that you already use to store the access_token cookie as an http-only cookie
    - Use the default Authorization header (similar to this screenshot Switch to new API UI breaks my Supabase calls)
    - Ensure you have proxying enabled for your API request
    - Hope it works 🤞
  • Erik Beuschau

    1 month ago

    No worries. We're here to help 🙌
  • Andreas Møller

    1 month ago

    The tutorials probably need an update 🙂
  • mdxwired

    1 month ago

    When I use the method indicated I get this:
    {"code":"PGRST301","details":null,"hint":null,"message":"JWT expired"}
  • Lucas G

    1 month ago

    Are there any tutorials that store access tokens in session storage?
  • Andreas Møller

    1 month ago

    No.
  • Lucas G

    1 month ago

    That's not best practice and I don't think is recommended anywhere
  • Lucas G

    1 month ago

    Log back in
  • mdxwired

    1 month ago

    Have done so numerous times. No longer seems to have the desired effect.
  • Lucas G

    1 month ago

    Sounds like something is off with how the token is being stored
  • mdxwired

    1 month ago

    hang on... trying something else.
    🤞1
  • mdxwired

    1 month ago

    So, here is the thing... I am not using 'session storage.' I am using 'session cookies', as indicated.

    Yet it does not seem to be working with the new Authorization Header.

    The toddle plugin has been installed the whole time. The only change is that I hit the 'upgrade' button, and what worked no longer works.

    I cannot quantify the problem any further.
    image.png
  • Was there something else that the old in-built auth was doing in addition to setting the Authorization header behind the scenes?
  • Erik Beuschau

    1 month ago

    I've just updated my Supabase auth project here if you want to have a look at a reference implementation https://toddle.dev/projects/erik_auth/branches/main/components
    It's not possible to sign up in that project though since I've not set up email for my Supabase project, but let me know if you want an invite for the project so you can test it properly
  • mdxwired

    1 month ago

    Yes please. I am anxious to figure out what I am doing differently / incorrectly.
  • Erik Beuschau

    1 month ago

    It's important that requests that use the Authorization header have "Proxy request" enabled. I don't think that happens automatically atm 🤔
    Screenshot_2024-11-12_at_21.31.22.png
  • Erik Beuschau

    1 month ago

    Cool. Please send me a DM with your email and I'll send you an invite 👍
  • mdxwired

    1 month ago

    image.png
  • will do
  • Lucas G

    1 month ago

    That's weird. There's no reason for it to work when pulling from session storage
  • 🤔
  • mdxwired

    1 month ago

    Sorry. I have never been using session storage. If I said so it was in error. I have always been using session cookies, as indicated.
  • mdxwired

    1 month ago

    As such.
    image.png
  • Erik Beuschau

    1 month ago

    I think we just got confused with this screenshot 🙂 Switch to new API UI breaks my Supabase calls
  • Lucas G

    1 month ago

    Yes
  • mdxwired

    1 month ago

    HA! Interesting... that actually IS the way that I was doing it... no idea why it worked. I am setting cookies but referencing storage. No clue.
  • My brain just saw what it expected to see after too many hours of staring at it.
  • Still, no idea why the correct method is not working if I am storing the token where I should be, which I think I am.
  • mdxwired

    1 month ago

    SOLVED!!!

    Plugin had 'died.' 💀
    That was all. It was installed, and running... but just not functioning for some reason. I uninstalled, rebooted, re-installed, and now everything is working exactly like it says on the tin. 👍
    🙌1
  • mdxwired

    1 month ago

    I changed exactly nothing else and...
    image.png
  • Lucas G

    1 month ago

    Nice
  • Maybe it just needed to update to the newer version
  • Glad you got it solved
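
An added example, not part of the thread and not toddle or Supabase code: a small Node.js check of the value sent as the Authorization header, covering the two errors quoted above ("Expected 3 parts; got 2" and PGRST301 "JWT expired") and the `sub` claim that `auth.uid()` reads. The helper name `diagnoseAuthHeader` and all token values are constructed for illustration, and the signature is not verified here.

```javascript
// Added diagnostic example. All token values are constructed; the signature
// segment is a dummy and is NOT verified here (the Supabase API does that).

// Encode an object as one base64url JWT segment (used only to build samples).
const enc = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Decode one base64url JWT segment back into an object.
const dec = (seg) =>
  JSON.parse(Buffer.from(seg.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8"));

// Hypothetical helper: inspect the value a request sends as `Authorization`.
function diagnoseAuthHeader(headerValue, nowSeconds) {
  const m = /^Bearer\s+(\S+)$/.exec(headerValue || "");
  if (!m) return { ok: false, sub: null, findings: ["not a 'Bearer <token>' value"] };
  const parts = m[1].split(".");
  // A compact JWS is header.payload.signature; anything else fails to parse.
  if (parts.length !== 3) {
    return { ok: false, sub: null, findings: [`expected 3 parts, got ${parts.length}`] };
  }
  let claims;
  try {
    claims = dec(parts[1]);
    if (claims === null || typeof claims !== "object") throw new Error("not an object");
  } catch {
    return { ok: false, sub: null, findings: ["payload is not base64url JSON"] };
  }
  const findings = [];
  // An `exp` in the past is what the API reports as PGRST301 "JWT expired".
  if (typeof claims.exp !== "number") findings.push("no exp claim");
  else if (claims.exp <= nowSeconds) findings.push("expired");
  // auth.uid() in a row-level policy is read from the `sub` claim.
  if (!claims.sub) findings.push("no sub claim");
  return { ok: findings.length === 0, sub: claims.sub || null, findings };
}

// Constructed samples (fixed clock so the results are reproducible).
const NOW = 1700000000;
const header = enc({ alg: "HS256", typ: "JWT" });
const uid = "00000000-0000-4000-8000-000000000001";
const good = `${header}.${enc({ sub: uid, role: "authenticated", exp: NOW + 3600 })}.sig`;
const stale = `${header}.${enc({ sub: uid, role: "authenticated", exp: NOW - 60 })}.sig`;
const truncated = good.split(".").slice(0, 2).join(".");

for (const t of [good, stale, truncated]) {
  console.log(diagnoseAuthHeader(`Bearer ${t}`, NOW));
}
```

Running it against the header value captured from the browser's network tab shows whether the token reaching the API is malformed, stale, or missing the user id before any storage or proxy setting is changed.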
