Change8

Supabase Auth

Backend & Infra

An isomorphic Javascript client for Supabase. Query your Supabase database, subscribe to realtime events, upload and download files, browse typescript examples, invoke postgres functions via rpc, invoke supabase edge functions, query pgvector.

Latest: v2.110.6-canary.0100 releases4 breaking changes13 common errorsView on GitHub

Release History

v2.110.6-canary.0
5h ago
v2.110.5
8h ago
v2.110.4
13h ago
v2.110.4-canary.0
13h ago
v2.110.3
Jul 13, 2026
v2.110.3-canary.1
Jul 13, 2026
v2.110.3-canary.0
Jul 10, 2026
v2.110.21 fix
Jul 9, 2026

This patch release primarily addresses an issue in the auth module where local sessions were not being cleared during signout failures.

v2.110.2-canary.01 fix
Jul 7, 2026

This canary release primarily addresses a bug in the auth module where local sessions were not being cleared during signout failures.

v2.110.12 fixes
Jul 7, 2026

This patch release addresses minor issues in auth and realtime modules, specifically concerning initialization notifications and heartbeat status reporting.

v2.110.1-canary.02 fixes
Jul 7, 2026

This canary release addresses two minor bugs related to initialization timing in Auth and status handling in Realtime subscriptions.

v2.110.0Breaking
Jun 30, 2026

This release drops support for Node.js 20, requiring users to upgrade their runtime environment to Node.js 21 or newer.

v2.110.0-canary.01 feature
Jun 30, 2026

This canary release primarily removes support for Node.js 20.

v2.109.04 fixes3 features
Jun 30, 2026

This release introduces new filtering capabilities for Realtime Postgres changes and exposes cache purging in Storage. Several minor fixes address Content-Type handling in Functions and dependency pinning in Realtime.

v2.108.3-canary.2
Jun 19, 2026

This was a version bump only, there were no code changes.

v2.108.3-canary.12 fixes
Jun 18, 2026

This canary release primarily addresses two bug fixes: ensuring Content-Type overrides are respected in functions and maintaining default sorting behavior in storage list operations.

v2.108.3-canary.01 fix
Jun 17, 2026

This canary release primarily addresses dependency management by pinning specific dependencies within the realtime module.

v2.108.22 fixes
Jun 15, 2026

This patch release focuses on stability fixes, specifically addressing session preservation during auth failures and clarifying realtime error messages.

v2.108.2-canary.5
Jun 15, 2026

This was a version bump only, there were no code changes.

v2.108.2-beta.52 fixes
Jun 12, 2026

This beta release focuses on stability fixes, specifically addressing session handling during auth refresh failures and clarifying realtime error messages.

v2.108.2-canary.41 fix
Jun 12, 2026

This canary release primarily addresses a clarification for a 404 error and server migration note within the realtime module.

v2.108.2-canary.3
Jun 11, 2026

This was a version bump only, there were no code changes.

v2.108.2-canary.21 fix
Jun 11, 2026

This canary release primarily focuses on restoring and enabling JSR publish flags for beta testing.

v2.108.2-beta.13 fixes
Jun 11, 2026

This beta release primarily focuses on fixing authentication session handling during refresh failures and stabilizing the release process by pinning Deno and adjusting JSR publishing flags.

v2.108.2-canary.11 fix
Jun 11, 2026

This canary release addresses an issue by pinning Deno and bounding JSR publish to prevent stranded-task hangs.

v2.108.2-beta.02 fixes
Jun 11, 2026

This beta release focuses on stability fixes, specifically addressing session preservation during authentication failures and improving the reliability of the release process.

v2.108.2-canary.01 fix
Jun 11, 2026

This canary release addresses a bug in the authentication module related to session handling during refresh failures.

v2.108.12 fixes
Jun 9, 2026

This patch release primarily addresses CI configuration and fixes a typing issue within the Postgrest module.

v2.108.1-canary.2
Jun 9, 2026

This was a version bump only, there were no code changes.

v2.108.1-canary.11 fix
Jun 8, 2026

This canary release primarily addresses a typing issue within the postgrest module.

v2.108.1-canary.01 fix
Jun 8, 2026

This canary release primarily addresses a CI configuration issue by forwarding the DOGFOOD_APP_CLIENT_ID environment variable.

v2.108.02 fixes1 feature
Jun 8, 2026

This release introduces a consistent confirmation flow for auth.resend() and improves compatibility for request headers in postgrest operations.

v2.108.0-canary.02 fixes1 feature
Jun 4, 2026

This canary release introduces a consistent confirmation flow for auth.resend() and fixes issues related to error logging and header passing for React Native compatibility.

v2.107.06 fixes3 features
Jun 2, 2026

This release updates authentication mechanisms, enhances Realtime payload handling, and refines error reporting in Postgrest. It also updates the X-Client-Info header format.

v2.107.0-canary.6
Jun 2, 2026

This was a version bump only, there were no code changes.

v2.107.0-canary.51 fix
Jun 2, 2026

This canary release primarily addresses an internal publishing fix related to the gotrue-js legacy mirror.

v2.107.0-beta.76 fixes3 features
Jun 2, 2026

This beta release introduces structured metadata for X-Client-Info, allows binary payloads in Realtime httpSend, and fixes several authentication and Postgrest error handling issues.

v2.107.0-canary.41 fix
Jun 2, 2026

This canary release primarily addresses an internal dependency pinning issue related to JSR publishing.

v2.107.0-beta.64 fixes3 features
Jun 2, 2026

This beta release introduces a new structured metadata format for X-Client-Info, allows binary payloads in realtime httpSend, and fixes several authentication and PostgREST error handling issues.

v2.107.0-canary.3
Jun 2, 2026

This was a version bump only, there were no code changes.

v2.107.0-canary.21 fix
Jun 2, 2026

This canary release reverts a previous fix related to encoding client-id in oauth requests.

v2.107.0-canary.11 feature
Jun 1, 2026

This canary release introduces a significant change to the authentication system by replacing the navigator.locks-based mutex with a commit guard and dispose() mechanism.

v2.107.0-canary.01 fix2 features
Jun 1, 2026

This canary release introduces the ability to send binary payloads via httpSend in realtime and updates the X-Client-Info header format for better metadata reporting.

v2.106.3-canary.21 fix
May 28, 2026

This canary release primarily addresses a bug in Postgrest handling of non-JSON bodies in successful responses.

v2.106.3-canary.1
May 28, 2026

This was a version bump only, there were no code changes.

v2.106.3-canary.01 fix
May 28, 2026

This canary release fixes an issue in the Auth module where expired JWTs were not correctly resulting in an AuthInvalidJwtError from getClaims.

v2.107.0-beta.1
May 27, 2026

This release was a version bump only, containing no functional code changes.

v2.107.0-beta.0
May 26, 2026

This release was solely a version bump with no accompanying code changes.

v2.106.22 fixes
May 25, 2026

This patch release fixes an issue with the auth signup response and improves compatibility for React Native environments using Hermes.

v2.106.2-canary.1
May 22, 2026

This was a version bump only, there were no code changes.

v2.106.2-canary.02 fixes
May 22, 2026

This canary release primarily focuses on fixing an issue with the auth signup user response and improving compatibility for React Native environments.

v2.106.2-beta.2
May 22, 2026

This release was a version bump only, containing no functional code changes.

v2.106.2-beta.0
May 21, 2026

This release was solely a version bump with no accompanying code changes.

v2.106.12 fixes
May 20, 2026

This patch release fixes an issue with client-id encoding in OAuth requests and hides dynamic imports from hermesc.

v2.106.1-canary.11 fix
May 20, 2026

This canary release primarily addresses an internal issue by hiding a dynamic import from hermesc.

v2.106.1-beta.32 fixes
May 20, 2026

This beta release primarily focuses on bug fixes, including ensuring the client-id is encoded in OAuth requests and resolving an OpenTelemetry import issue.

v2.106.1-canary.01 fix
May 20, 2026

This canary release fixes an issue where the client-id was not being encoded correctly in OAuth requests.

v2.106.1-beta.22 fixes
May 20, 2026

This patch release primarily focuses on bug fixes, including correctly encoding the client-id in OAuth requests and resolving an OpenTelemetry import issue.

v2.106.1-beta.11 fix
May 19, 2026

This beta release primarily focuses on minor fixes, including resolving an issue with OpenTelemetry imports.

v2.106.1-beta.02 fixes
May 19, 2026

This beta release (2.106.1-beta.0) primarily addresses an OpenTelemetry import issue and includes the addition of new tests.

v2.106.03 fixes1 feature
May 18, 2026

This release introduces W3C/OpenTelemetry trace context propagation for Supabase and includes several fixes related to auth verification and storage stream handling.

v2.106.0-canary.4
May 15, 2026

This release was solely a version bump with no accompanying code changes.

v2.106.0-canary.3
May 15, 2026

This release was solely a version bump with no accompanying code changes.

v2.106.0-canary.2
May 14, 2026

This release was solely a version bump with no accompanying code changes.

v2.105.5-beta.101 fix1 feature
May 14, 2026

This beta release introduces W3C/OpenTelemetry trace context propagation for Supabase operations and addresses internal packaging for the tracing module.

v2.106.0-canary.11 fix
May 13, 2026

This canary release primarily focuses on internal maintenance by marking the @supabase/tracing package as private and snapshotting it for JSR.

v2.105.5-beta.91 fix1 feature
May 13, 2026

This beta release introduces W3C/OpenTelemetry trace context propagation support for Supabase and addresses internal packaging for the tracing module.

v2.106.0-canary.01 feature
May 13, 2026

This canary release introduces W3C/OpenTelemetry trace context propagation support for Supabase operations.

v2.105.5-beta.8
May 13, 2026

This release (2.105.5-beta.8) was strictly a version bump with no accompanying code changes.

v2.105.5-beta.5
May 13, 2026

This release was a version bump only, containing no functional code changes.

v3.0.0-next.29
May 11, 2026

This was a version bump only, there were no code changes.

v2.105.5-beta.0Breaking14 fixes2 features
May 11, 2026

This beta release introduces significant new features including WebAuthn passkey support in Auth and deferred disconnect in Realtime. It also includes several bug fixes, notably ensuring consistent error wrapping in Postgrest and changing the behavior of the Storage exists method.

v2.105.43 fixes
May 8, 2026

This patch release focuses on stability fixes across Auth, Postgrest, and Realtime modules, addressing issues related to JSON parsing, fetch abort detection, and storage access.

v2.105.4-canary.2
May 8, 2026

This was a version bump only, there were no code changes.

v3.0.0-next.28
May 8, 2026

This was a version bump only, there were no code changes.

v3.0.0-next.271 fix
May 8, 2026

This release primarily focuses on a bug fix related to accessing sessionStorage in restricted-storage browsers within the realtime functionality.

v2.105.4-canary.11 fix
May 8, 2026

This canary release primarily addresses a bug related to accessing sessionStorage in restricted-storage browsers within the realtime functionality.

v2.105.4-canary.02 fixes
May 8, 2026

This canary release primarily addresses bug fixes in the auth and postgrest modules, specifically handling JSON parsing failures and abort detection in fetch operations.

v3.0.0-next.261 fix
May 7, 2026

This release primarily addresses a bug in the auth module where getItemAsync failed on JSON parse errors, now correctly returning null.

v3.0.0-next.251 fix
May 7, 2026

This release primarily focuses on fixing an issue in the postgrest fetch catch mechanism related to abort detection.

v2.105.31 fix
May 4, 2026

This patch release primarily addresses a type-checking issue within the authentication module.

v3.0.0-next.241 fix
May 4, 2026

This release focuses on fixing type-checking issues related to OAuth and CustomProvider authentication types.

v3.0.0-next.23
May 4, 2026

This was a version bump only, there were no code changes.

v2.105.25 fixes
May 4, 2026

This patch release focuses on bug fixes, including improvements to authentication timeout forwarding, JSON serialization for WebAuthnError, and unification of Postgrest insert/upsert signatures.

v2.105.2-canary.4
May 4, 2026

This was a version bump only, there were no code changes.

v3.0.0-next.22
May 4, 2026

This was a version bump only, there were no code changes.

v2.105.2-canary.3
May 4, 2026

This was a version bump only, there were no code changes.

v3.0.0-next.21
May 4, 2026

This was a version bump only, there were no code changes.

v2.105.2-canary.23 fixes
May 4, 2026

This canary release focuses on minor fixes, including improving JSON serialization for WebAuthnError and unifying PostgREST insert/upsert signatures.

v3.0.0-next.201 fix
May 4, 2026

This release primarily focuses on a bug fix related to JSON serialization for WebAuthnError.

v3.0.0-next.191 fix
May 4, 2026

This release primarily focuses on a bug fix related to forwarding the lockAcquireTimeout setting within the authentication module.

v2.105.2-canary.11 fix
May 4, 2026

This canary release primarily fixes an issue by forwarding the lockAcquireTimeout setting to the SupabaseAuthClient.

v3.0.0-next.182 fixes
Apr 30, 2026

This release focuses on internal cleanup by reducing 'any' usage and standardizing the Postgrest insert/upsert API signatures.

v3.0.0-next.17Breaking1 fix
Apr 29, 2026

This release primarily focuses on improving error handling within the postgrest client by ensuring all processResponse errors are wrapped in PostgrestError instances, which constitutes a breaking change for error handling logic.

v2.105.2-canary.01 fix
Apr 28, 2026

This canary release primarily addresses a fix related to widening enum-like unions for better forward compatibility.

v3.0.0-next.16
Apr 28, 2026

This was a version bump only, there were no code changes.

v3.0.0-next.15Breaking3 fixes
Apr 28, 2026

This release introduces a significant change in the Storage `exists` method behavior, preventing errors when files are not found, and improves Realtime error surfacing and enum compatibility.

v2.105.12 fixes
Apr 28, 2026

This patch release addresses regressions in postgrest query handling and improves error surfacing for realtime transport issues.

v2.105.1-canary.21 fix
Apr 28, 2026

This canary release primarily addresses a bug in the realtime module by correctly surfacing transport-level errors.

v3.0.0-next.141 fix
Apr 28, 2026

This release focuses on a bug fix within the realtime transport layer to correctly surface errors.

Common Errors

SelectQueryError6 reports

SelectQueryError in supabase-auth usually arises from type mismatches when the TypeScript compiler infers incorrect types after a database operation like `rpc()` or joins involving different schemas. To fix it, explicitly cast the returned data to the correct TypeScript type using `as` or define a more specific function return type using generics, ensuring the compiler understands the structure of the data you're selecting. This guarantees the expected schema and data types are aligned, resolving the mismatch.

AuthSessionMissingError3 reports

The "AuthSessionMissingError" usually occurs when the app tries to access or manipulate an authentication session (like signing out) before a session has been properly initialized or is no longer valid (e.g., expired or cleared). To fix this, ensure you have a valid Supabase client initialized and that a user session exists before attempting operations like signOut. If the session might be expired or cleared, handle the error gracefully by checking for a valid session before calling `signOut` or re-authenticating the user.

StorageUnknownError3 reports

The "StorageUnknownError" in supabase-auth often arises from inconsistent or corrupted data in the storage bucket's metadata or underlying storage system, or from temporary unavailability/glitches in Supabase's storage service. To resolve, try retrying the operation (especially uploads) after a short delay to see if it was transient; if the error persists, investigate and consider refreshing/resetting your storage bucket, using Supabase's dashboard, if data corruption is suspected. If that doesn't fix it, contact Supabase support.

AuthApiError3 reports

The "AuthApiError" in supabase-auth often arises from incorrect or missing configuration, particularly with environment variables or authentication providers. Double-check that your Supabase project URL and anon key are correctly set in your application and that any external authentication providers (like Google, phone auth) are properly configured and enabled in your Supabase project dashboard. Verify that your code handling authentication flows, especially `exchangeCodeForSession` or similar methods, correctly provides all required parameters like the auth code and code verifier (if applicable), ensuring they are non-empty.

FunctionsRelayError1 report

FunctionsRelayError usually indicates a mismatch between the supabase-js client version and the Supabase project's Functions relay version, or a misconfiguration in the Functions URL. Upgrade your supabase-js client to the latest version matching your project's expected Functions relay and diligently verify that your Functions URL in the client's configuration is correct and accessible. Ensure that the Supabase Functions runtime URL is correctly set in your Supabase project settings.

ReferenceError1 report

The "ReferenceError: window is not defined" error usually occurs because `window` is a browser-specific object and your code is running in a server-side environment (like Next.js SSR, Node.js) where it doesn't exist. To fix this, conditionally use browser-specific code only when running in the browser, commonly achieved using a check like `typeof window !== 'undefined'` before accessing `window` or by lazy-loading the supabase-auth client within a `useEffect` hook in React/Next.js. If using Next.js, consider using dynamic imports with `ssr: false`.

Related Backend & Infra Packages

Subscribe to Updates

Get notified when new versions are released

RSS Feed