Supabase Auth
Backend & InfraAn isomorphic Javascript client for Supabase. Query your Supabase database, subscribe to realtime events, upload and download files, browse typescript examples, invoke postgres functions via rpc, invoke supabase edge functions, query pgvector.
Release History
v2.110.6-canary.0v2.110.5v2.110.4v2.110.4-canary.0v2.110.3v2.110.3-canary.1v2.110.3-canary.0v2.110.21 fixThis patch release primarily addresses an issue in the auth module where local sessions were not being cleared during signout failures.
v2.110.2-canary.01 fixThis canary release primarily addresses a bug in the auth module where local sessions were not being cleared during signout failures.
v2.110.12 fixesThis patch release addresses minor issues in auth and realtime modules, specifically concerning initialization notifications and heartbeat status reporting.
v2.110.1-canary.02 fixesThis canary release addresses two minor bugs related to initialization timing in Auth and status handling in Realtime subscriptions.
v2.110.0BreakingThis release drops support for Node.js 20, requiring users to upgrade their runtime environment to Node.js 21 or newer.
v2.110.0-canary.01 featureThis canary release primarily removes support for Node.js 20.
v2.109.04 fixes3 featuresThis release introduces new filtering capabilities for Realtime Postgres changes and exposes cache purging in Storage. Several minor fixes address Content-Type handling in Functions and dependency pinning in Realtime.
v2.108.3-canary.2This was a version bump only, there were no code changes.
v2.108.3-canary.12 fixesThis canary release primarily addresses two bug fixes: ensuring Content-Type overrides are respected in functions and maintaining default sorting behavior in storage list operations.
v2.108.3-canary.01 fixThis canary release primarily addresses dependency management by pinning specific dependencies within the realtime module.
v2.108.22 fixesThis patch release focuses on stability fixes, specifically addressing session preservation during auth failures and clarifying realtime error messages.
v2.108.2-canary.5This was a version bump only, there were no code changes.
v2.108.2-beta.52 fixesThis beta release focuses on stability fixes, specifically addressing session handling during auth refresh failures and clarifying realtime error messages.
v2.108.2-canary.41 fixThis canary release primarily addresses a clarification for a 404 error and server migration note within the realtime module.
v2.108.2-canary.3This was a version bump only, there were no code changes.
v2.108.2-canary.21 fixThis canary release primarily focuses on restoring and enabling JSR publish flags for beta testing.
v2.108.2-beta.13 fixesThis beta release primarily focuses on fixing authentication session handling during refresh failures and stabilizing the release process by pinning Deno and adjusting JSR publishing flags.
v2.108.2-canary.11 fixThis canary release addresses an issue by pinning Deno and bounding JSR publish to prevent stranded-task hangs.
v2.108.2-beta.02 fixesThis beta release focuses on stability fixes, specifically addressing session preservation during authentication failures and improving the reliability of the release process.
v2.108.2-canary.01 fixThis canary release addresses a bug in the authentication module related to session handling during refresh failures.
v2.108.12 fixesThis patch release primarily addresses CI configuration and fixes a typing issue within the Postgrest module.
v2.108.1-canary.2This was a version bump only, there were no code changes.
v2.108.1-canary.11 fixThis canary release primarily addresses a typing issue within the postgrest module.
v2.108.1-canary.01 fixThis canary release primarily addresses a CI configuration issue by forwarding the DOGFOOD_APP_CLIENT_ID environment variable.
v2.108.02 fixes1 featureThis release introduces a consistent confirmation flow for auth.resend() and improves compatibility for request headers in postgrest operations.
v2.108.0-canary.02 fixes1 featureThis canary release introduces a consistent confirmation flow for auth.resend() and fixes issues related to error logging and header passing for React Native compatibility.
v2.107.06 fixes3 featuresThis release updates authentication mechanisms, enhances Realtime payload handling, and refines error reporting in Postgrest. It also updates the X-Client-Info header format.
v2.107.0-canary.6This was a version bump only, there were no code changes.
v2.107.0-canary.51 fixThis canary release primarily addresses an internal publishing fix related to the gotrue-js legacy mirror.
v2.107.0-beta.76 fixes3 featuresThis beta release introduces structured metadata for X-Client-Info, allows binary payloads in Realtime httpSend, and fixes several authentication and Postgrest error handling issues.
v2.107.0-canary.41 fixThis canary release primarily addresses an internal dependency pinning issue related to JSR publishing.
v2.107.0-beta.64 fixes3 featuresThis beta release introduces a new structured metadata format for X-Client-Info, allows binary payloads in realtime httpSend, and fixes several authentication and PostgREST error handling issues.
v2.107.0-canary.3This was a version bump only, there were no code changes.
v2.107.0-canary.21 fixThis canary release reverts a previous fix related to encoding client-id in oauth requests.
v2.107.0-canary.11 featureThis canary release introduces a significant change to the authentication system by replacing the navigator.locks-based mutex with a commit guard and dispose() mechanism.
v2.107.0-canary.01 fix2 featuresThis canary release introduces the ability to send binary payloads via httpSend in realtime and updates the X-Client-Info header format for better metadata reporting.
v2.106.3-canary.21 fixThis canary release primarily addresses a bug in Postgrest handling of non-JSON bodies in successful responses.
v2.106.3-canary.1This was a version bump only, there were no code changes.
v2.106.3-canary.01 fixThis canary release fixes an issue in the Auth module where expired JWTs were not correctly resulting in an AuthInvalidJwtError from getClaims.
v2.107.0-beta.1This release was a version bump only, containing no functional code changes.
v2.107.0-beta.0This release was solely a version bump with no accompanying code changes.
v2.106.22 fixesThis patch release fixes an issue with the auth signup response and improves compatibility for React Native environments using Hermes.
v2.106.2-canary.1This was a version bump only, there were no code changes.
v2.106.2-canary.02 fixesThis canary release primarily focuses on fixing an issue with the auth signup user response and improving compatibility for React Native environments.
v2.106.2-beta.2This release was a version bump only, containing no functional code changes.
v2.106.2-beta.0This release was solely a version bump with no accompanying code changes.
v2.106.12 fixesThis patch release fixes an issue with client-id encoding in OAuth requests and hides dynamic imports from hermesc.
v2.106.1-canary.11 fixThis canary release primarily addresses an internal issue by hiding a dynamic import from hermesc.
v2.106.1-beta.32 fixesThis beta release primarily focuses on bug fixes, including ensuring the client-id is encoded in OAuth requests and resolving an OpenTelemetry import issue.
v2.106.1-canary.01 fixThis canary release fixes an issue where the client-id was not being encoded correctly in OAuth requests.
v2.106.1-beta.22 fixesThis patch release primarily focuses on bug fixes, including correctly encoding the client-id in OAuth requests and resolving an OpenTelemetry import issue.
v2.106.1-beta.11 fixThis beta release primarily focuses on minor fixes, including resolving an issue with OpenTelemetry imports.
v2.106.1-beta.02 fixesThis beta release (2.106.1-beta.0) primarily addresses an OpenTelemetry import issue and includes the addition of new tests.
v2.106.03 fixes1 featureThis release introduces W3C/OpenTelemetry trace context propagation for Supabase and includes several fixes related to auth verification and storage stream handling.
v2.106.0-canary.4This release was solely a version bump with no accompanying code changes.
v2.106.0-canary.3This release was solely a version bump with no accompanying code changes.
v2.106.0-canary.2This release was solely a version bump with no accompanying code changes.
v2.105.5-beta.101 fix1 featureThis beta release introduces W3C/OpenTelemetry trace context propagation for Supabase operations and addresses internal packaging for the tracing module.
v2.106.0-canary.11 fixThis canary release primarily focuses on internal maintenance by marking the @supabase/tracing package as private and snapshotting it for JSR.
v2.105.5-beta.91 fix1 featureThis beta release introduces W3C/OpenTelemetry trace context propagation support for Supabase and addresses internal packaging for the tracing module.
v2.106.0-canary.01 featureThis canary release introduces W3C/OpenTelemetry trace context propagation support for Supabase operations.
v2.105.5-beta.8This release (2.105.5-beta.8) was strictly a version bump with no accompanying code changes.
v2.105.5-beta.5This release was a version bump only, containing no functional code changes.
v3.0.0-next.29This was a version bump only, there were no code changes.
v2.105.5-beta.0Breaking14 fixes2 featuresThis beta release introduces significant new features including WebAuthn passkey support in Auth and deferred disconnect in Realtime. It also includes several bug fixes, notably ensuring consistent error wrapping in Postgrest and changing the behavior of the Storage exists method.
v2.105.43 fixesThis patch release focuses on stability fixes across Auth, Postgrest, and Realtime modules, addressing issues related to JSON parsing, fetch abort detection, and storage access.
v2.105.4-canary.2This was a version bump only, there were no code changes.
v3.0.0-next.28This was a version bump only, there were no code changes.
v3.0.0-next.271 fixThis release primarily focuses on a bug fix related to accessing sessionStorage in restricted-storage browsers within the realtime functionality.
v2.105.4-canary.11 fixThis canary release primarily addresses a bug related to accessing sessionStorage in restricted-storage browsers within the realtime functionality.
v2.105.4-canary.02 fixesThis canary release primarily addresses bug fixes in the auth and postgrest modules, specifically handling JSON parsing failures and abort detection in fetch operations.
v3.0.0-next.261 fixThis release primarily addresses a bug in the auth module where getItemAsync failed on JSON parse errors, now correctly returning null.
v3.0.0-next.251 fixThis release primarily focuses on fixing an issue in the postgrest fetch catch mechanism related to abort detection.
v2.105.31 fixThis patch release primarily addresses a type-checking issue within the authentication module.
v3.0.0-next.241 fixThis release focuses on fixing type-checking issues related to OAuth and CustomProvider authentication types.
v3.0.0-next.23This was a version bump only, there were no code changes.
v2.105.25 fixesThis patch release focuses on bug fixes, including improvements to authentication timeout forwarding, JSON serialization for WebAuthnError, and unification of Postgrest insert/upsert signatures.
v2.105.2-canary.4This was a version bump only, there were no code changes.
v3.0.0-next.22This was a version bump only, there were no code changes.
v2.105.2-canary.3This was a version bump only, there were no code changes.
v3.0.0-next.21This was a version bump only, there were no code changes.
v2.105.2-canary.23 fixesThis canary release focuses on minor fixes, including improving JSON serialization for WebAuthnError and unifying PostgREST insert/upsert signatures.
v3.0.0-next.201 fixThis release primarily focuses on a bug fix related to JSON serialization for WebAuthnError.
v3.0.0-next.191 fixThis release primarily focuses on a bug fix related to forwarding the lockAcquireTimeout setting within the authentication module.
v2.105.2-canary.11 fixThis canary release primarily fixes an issue by forwarding the lockAcquireTimeout setting to the SupabaseAuthClient.
v3.0.0-next.182 fixesThis release focuses on internal cleanup by reducing 'any' usage and standardizing the Postgrest insert/upsert API signatures.
v3.0.0-next.17Breaking1 fixThis release primarily focuses on improving error handling within the postgrest client by ensuring all processResponse errors are wrapped in PostgrestError instances, which constitutes a breaking change for error handling logic.
v2.105.2-canary.01 fixThis canary release primarily addresses a fix related to widening enum-like unions for better forward compatibility.
v3.0.0-next.16This was a version bump only, there were no code changes.
v3.0.0-next.15Breaking3 fixesThis release introduces a significant change in the Storage `exists` method behavior, preventing errors when files are not found, and improves Realtime error surfacing and enum compatibility.
v2.105.12 fixesThis patch release addresses regressions in postgrest query handling and improves error surfacing for realtime transport issues.
v2.105.1-canary.21 fixThis canary release primarily addresses a bug in the realtime module by correctly surfacing transport-level errors.
v3.0.0-next.141 fixThis release focuses on a bug fix within the realtime transport layer to correctly surface errors.
Common Errors
SelectQueryError6 reportsSelectQueryError in supabase-auth usually arises from type mismatches when the TypeScript compiler infers incorrect types after a database operation like `rpc()` or joins involving different schemas. To fix it, explicitly cast the returned data to the correct TypeScript type using `as` or define a more specific function return type using generics, ensuring the compiler understands the structure of the data you're selecting. This guarantees the expected schema and data types are aligned, resolving the mismatch.
AuthSessionMissingError3 reportsThe "AuthSessionMissingError" usually occurs when the app tries to access or manipulate an authentication session (like signing out) before a session has been properly initialized or is no longer valid (e.g., expired or cleared). To fix this, ensure you have a valid Supabase client initialized and that a user session exists before attempting operations like signOut. If the session might be expired or cleared, handle the error gracefully by checking for a valid session before calling `signOut` or re-authenticating the user.
StorageUnknownError3 reportsThe "StorageUnknownError" in supabase-auth often arises from inconsistent or corrupted data in the storage bucket's metadata or underlying storage system, or from temporary unavailability/glitches in Supabase's storage service. To resolve, try retrying the operation (especially uploads) after a short delay to see if it was transient; if the error persists, investigate and consider refreshing/resetting your storage bucket, using Supabase's dashboard, if data corruption is suspected. If that doesn't fix it, contact Supabase support.
AuthApiError3 reportsThe "AuthApiError" in supabase-auth often arises from incorrect or missing configuration, particularly with environment variables or authentication providers. Double-check that your Supabase project URL and anon key are correctly set in your application and that any external authentication providers (like Google, phone auth) are properly configured and enabled in your Supabase project dashboard. Verify that your code handling authentication flows, especially `exchangeCodeForSession` or similar methods, correctly provides all required parameters like the auth code and code verifier (if applicable), ensuring they are non-empty.
FunctionsRelayError1 reportFunctionsRelayError usually indicates a mismatch between the supabase-js client version and the Supabase project's Functions relay version, or a misconfiguration in the Functions URL. Upgrade your supabase-js client to the latest version matching your project's expected Functions relay and diligently verify that your Functions URL in the client's configuration is correct and accessible. Ensure that the Supabase Functions runtime URL is correctly set in your Supabase project settings.
ReferenceError1 reportThe "ReferenceError: window is not defined" error usually occurs because `window` is a browser-specific object and your code is running in a server-side environment (like Next.js SSR, Node.js) where it doesn't exist. To fix this, conditionally use browser-specific code only when running in the browser, commonly achieved using a check like `typeof window !== 'undefined'` before accessing `window` or by lazy-loading the supabase-auth client within a `useEffect` hook in React/Next.js. If using Next.js, consider using dynamic imports with `ssr: false`.
Related Backend & Infra Packages
Production-Grade Container Scheduling and Management
Node.js JavaScript runtime ✨🐢🚀✨
Promise based HTTP client for the browser and node.js
A modern runtime for JavaScript and TypeScript.
Deliver web apps with confidence 🚀
Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
Subscribe to Updates
Get notified when new versions are released