docs: Update out of date mentions of getUser (supabase#40045)

ChrisChinchilla · web-flow · commit 0831baee6a5f · 2025-11-03T12:46:32.000+01:00
diff --git a/apps/docs/content/guides/auth/server-side/advanced-guide.mdx b/apps/docs/content/guides/auth/server-side/advanced-guide.mdx
@@ -50,7 +50,7 @@ When you receive this error on the server-side, try to defer rendering to the br
 
 The `Max-Age` or `Expires` cookie parameters only control whether the browser sends the value to the server. Since a refresh token represents the long-lived authentication session of the user on that browser, setting a short `Max-Age` or `Expires` parameter on the cookies only results in a degraded user experience.
 
-The only way to ensure that a user has logged out or their session has ended is to get the user's details with `getUser()`.
+The only way to ensure that a user has logged out or their session has ended is to get the user's details with `getUser()`. The `getClaims()` method only checks local JWT validation (signature and expiration), but it doesn't verify with the auth server whether the session is still valid or if the user has logged out server-side.
 
 ### What should I use for the `SameSite` property?
 
diff --git a/apps/docs/content/guides/functions/websockets.mdx b/apps/docs/content/guides/functions/websockets.mdx
@@ -155,7 +155,7 @@ Deno.serve((req) => {
     return new Response('Auth token not provided', { status: 403 })
   }
 
-  const { error, data } = await supabase.auth.getUser(jwt)
+  const { error, data } = await supabase.auth.getClaims()
 
   if (error) {
     console.error(error)
@@ -210,8 +210,7 @@ Deno.serve((req) => {
     return new Response('Auth token not provided', { status: 403 })
   }
 
-  const { error, data } = await supabase.auth.getUser(jwt)
-
+  const { error, data } = await supabase.auth.getClaims()
   if (error) {
     console.error(error)
     return new Response('Invalid token provided', { status: 403 })
diff --git a/apps/docs/content/troubleshooting/should-i-set-a-shorter-max-age-parameter-on-the-cookies-8sbF4V.mdx b/apps/docs/content/troubleshooting/should-i-set-a-shorter-max-age-parameter-on-the-cookies-8sbF4V.mdx
@@ -9,4 +9,4 @@ database_id = "e51bedf0-cdc4-4880-865b-e39c06dfe497"
 
 The `Max-Age` or `Expires` cookie parameters only control whether the browser sends the value to the server. Since a refresh token represents the long-lived authentication session of the user on that browser, setting a short `Max-Age` or `Expires` parameter on the cookies only results in a degraded user experience.
 
-The only way to ensure that a user has logged out or their session has ended is to get the user's details with `getUser()`.
+The only way to ensure that a user has logged out or their session has ended is to get the user's details with `getUser()`. The `getClaims()` method only checks local JWT validation (signature and expiration), but it doesn't verify with the auth server whether the session is still valid or if the user has logged out server-side.

Original file line number	Diff line number	Diff line change
`@@ -9,4 +9,4 @@ database_id = "e51bedf0-cdc4-4880-865b-e39c06dfe497"`
`9`	`9`
`10`	`10`	The `Max-Age` or `Expires` cookie parameters only control whether the browser sends the value to the server. Since a refresh token represents the long-lived authentication session of the user on that browser, setting a short `Max-Age` or `Expires` parameter on the cookies only results in a degraded user experience.
`11`	`11`
`12`		-The only way to ensure that a user has logged out or their session has ended is to get the user's details with `getUser()`.
	`12`	+The only way to ensure that a user has logged out or their session has ended is to get the user's details with `getUser()`. The `getClaims()` method only checks local JWT validation (signature and expiration), but it doesn't verify with the auth server whether the session is still valid or if the user has logged out server-side.