fix: resolve authentication issues in production - replace deprecated auth-helpers with modern SSR - fix PKCE flow to use server-side instead of client-side - update environment variable handling for production vs development - fix OAuth callback route and component imports - remove @supabase/auth-helpers-nextjs dependency - resolves 401 Unauthorized PKCE errors

Author: frckbrice

env.example

@@ -1,8 +1,21 @@
-# Local Supabase Configuration
+# Environment Configuration
+NODE_ENV=development
+
+# Site URL Configuration
 NEXT_PUBLIC_SITE_URL=http://localhost:3000
+
+# Local Supabase Configuration (Development)
 NEXT_PUBLIC_SUPABASE_URL=http://localhost:5430
 NEXT_PUBLIC_SUPABASE_ANON_KEY=your-supabase-anon-key
-SUPABASE_SERVICE_ROLE_KEY=your-supabase-service-role-key
+NEXT_PUBLIC_SUPABASE_REALTIMEURL=http://localhost:5430
+NEXT_PUBLIC_SERVICE_ROLE_KEY=your-supabase-service-role-key
+
+# Production Supabase Configuration (Production)
+SUPABASE_URL=https://your-project.supabase.co
+SUPABASE_ANON_KEY=your-production-anon-key
+SUPABASE_ROLE_KEY=your-production-service-role-key
+SUPABASE_DATABASE_URL=postgresql://postgres:[password]@db.[project-ref].supabase.co:5432/postgres
+SUPABASE_PROJECT_ID=your-project-id
 
 # Database Configuration
 NEXT_PUBLIC_DATABASE_URL=postgres://postgres:postgres@localhost:54322/postgres

package.json

@@ -43,7 +43,6 @@
     "@radix-ui/react-toast": "^1.1.5",
     "@radix-ui/react-tooltip": "^1.0.7",
     "@stripe/stripe-js": "^4.0.0",
-    "@supabase/auth-helpers-nextjs": "^0.10.0",
     "@supabase/realtime-js": "^2.10.2",
     "@supabase/ssr": "^0.3.0",
     "@supabase/supabase-js": "^2.44.3",

src/app/api/auth/callback/route.ts

@@ -1,83 +1,61 @@
-// import { NextRequest, NextResponse } from 'next/server';
-// import { createClient } from '@/utils/server';
-
-// export async function POST(request: NextRequest) {
-//   try {
-//     console.log('Auth callback - Starting POST request');
-//     const supabase = await createClient();
-//     const { searchParams } = new URL(request.url);
-//     const code = searchParams.get('code');
-//     const error = searchParams.get('error') || searchParams.get('error_description');
-
-//     console.log('Auth callback - Code:', code ? 'present' : 'missing');
-//     console.log('Auth callback - Error:', error || 'none');
-
-//     if (error) {
-//       console.error('Auth callback error:', error);
-//       return NextResponse.redirect(
-//         new URL(`/login?error=${encodeURIComponent(error)}`, request.url)
-//       );
-//     }
-
-//     if (code) {
-//       console.log('Auth callback - Attempting to exchange code for session');
-//       const { data, error: exchangeError } = await supabase.auth.exchangeCodeForSession(code);
-
-//       console.log('Auth callback - Exchange result:', {
-//         success: !exchangeError,
-//         error: exchangeError?.message,
-//         user: data?.user ? 'present' : 'missing',
-//       });
-
-//       if (exchangeError) {
-//         console.error('Code exchange error:', exchangeError);
-//         return NextResponse.redirect(new URL('/login?error=auth_failed', request.url));
-//       }
-
-//       if (data?.user) {
-//         console.log('Auth callback - Successfully authenticated user:', data.user.email);
-//         // Successful authentication
-//         return NextResponse.redirect(new URL('/dashboard', request.url));
-//       } else {
-//         console.error('Auth callback - No user data after successful exchange');
-//         return NextResponse.redirect(new URL('/login?error=no_user_data', request.url));
-//       }
-//     }
-
-//     // No code or error provided
-//     console.error('Auth callback - No code provided');
-//     return NextResponse.redirect(new URL('/login?error=invalid_callback', request.url));
-//   } catch (error) {
-//     console.error('Auth callback - Unexpected error:', error);
-//     return NextResponse.redirect(new URL('/login?error=server_error', request.url));
-//   }
-// }
-
-// export async function GET(request: NextRequest) {
-//   // Handle GET requests (for direct browser navigation)
-//   return POST(request);
-// 
-
-import { NextResponse } from 'next/server';
-import { createRouteHandlerClient } from '@supabase/auth-helpers-nextjs';
-import { cookies } from 'next/headers';
-
-export async function GET(request: Request) {
-  const url = new URL(request.url);
-  const code = url.searchParams.get('code');
-  const error = url.searchParams.get('error');
-
-  if (error) {
-    return NextResponse.redirect(new URL(`/login?error=${error}`, request.url));
-  }
-
-  if (code) {
-    const supabase = createRouteHandlerClient({ cookies });
-    await supabase.auth.exchangeCodeForSession(code);
-    return NextResponse.redirect(new URL('/dashboard', request.url));
+import { NextRequest, NextResponse } from 'next/server';
+import { createClient } from '@/utils/server';
+
+export async function POST(request: NextRequest) {
+  try {
+    console.log('Auth callback - Starting POST request');
+    const supabase = await createClient();
+    const { searchParams } = new URL(request.url);
+    const code = searchParams.get('code');
+    const error = searchParams.get('error') || searchParams.get('error_description');
+
+    console.log('Auth callback - Code:', code ? 'present' : 'missing');
+    console.log('Auth callback - Error:', error || 'none');
+
+    if (error) {
+      console.error('Auth callback error:', error);
+      return NextResponse.redirect(
+        new URL(`/login?error=${encodeURIComponent(error)}`, request.url)
+      );
+    }
+
+    if (code) {
+      console.log('Auth callback - Attempting to exchange code for session');
+      const { data, error: exchangeError } = await supabase.auth.exchangeCodeForSession(code);
+
+      console.log('Auth callback - Exchange result:', {
+        success: !exchangeError,
+        error: exchangeError?.message,
+        user: data?.user ? 'present' : 'missing',
+      });
+
+      if (exchangeError) {
+        console.error('Code exchange error:', exchangeError);
+        return NextResponse.redirect(new URL('/login?error=auth_failed', request.url));
+      }
+
+      if (data?.user) {
+        console.log('Auth callback - Successfully authenticated user:', data.user.email);
+        // Successful authentication
+        return NextResponse.redirect(new URL('/dashboard', request.url));
+      } else {
+        console.error('Auth callback - No user data after successful exchange');
+        return NextResponse.redirect(new URL('/login?error=no_user_data', request.url));
+      }
+    }
+
+    // No code or error provided
+    console.error('Auth callback - No code provided');
+    return NextResponse.redirect(new URL('/login?error=invalid_callback', request.url));
+  } catch (error) {
+    console.error('Auth callback - Unexpected error:', error);
+    return NextResponse.redirect(new URL('/login?error=server_error', request.url));
   }
+}
 
-  return NextResponse.redirect(new URL('/login?error=missing_code', request.url));
+export async function GET(request: NextRequest) {
+  // Handle GET requests (for direct browser navigation)
+  return POST(request);
 }
 
 

src/app/api/auth/test/route.ts

@@ -0,0 +1,52 @@
+import { NextResponse } from 'next/server';
+import { createClient } from '@/utils/server';
+
+export async function GET() {
+  try {
+    console.log('Testing Supabase connection...');
+    
+    const supabase = await createClient();
+    
+    // Test basic connection
+    const { data: { user }, error: userError } = await supabase.auth.getUser();
+    
+    if (userError) {
+      console.error('Auth error:', userError);
+      return NextResponse.json({ 
+        success: false, 
+        error: userError.message,
+        type: 'auth_error'
+      }, { status: 500 });
+    }
+    
+    // Test database connection
+    const { data: dbData, error: dbError } = await supabase
+      .from('users')
+      .select('count')
+      .limit(1);
+    
+    if (dbError) {
+      console.error('Database error:', dbError);
+      return NextResponse.json({ 
+        success: false, 
+        error: dbError.message,
+        type: 'database_error'
+      }, { status: 500 });
+    }
+    
+    return NextResponse.json({ 
+      success: true, 
+      message: 'Supabase connection successful',
+      user: user ? 'authenticated' : 'not_authenticated',
+      database: 'connected'
+    });
+    
+  } catch (error) {
+    console.error('Test route error:', error);
+    return NextResponse.json({ 
+      success: false, 
+      error: error instanceof Error ? error.message : 'Unknown error',
+      type: 'general_error'
+    }, { status: 500 });
+  }
+}

src/components/features/auth/forgot-password/index.tsx

@@ -4,7 +4,7 @@ import { useState } from 'react';
 import { Button } from '@/components/ui/button';
 import { Input } from '@/components/ui/input';
 import { toast } from 'sonner';
-import { createClientComponentClient } from '@supabase/auth-helpers-nextjs';
+import { createClient } from '@/utils/client';
 import Link from 'next/link';
 import Image from 'next/image';
 
@@ -15,7 +15,7 @@ export default function ForgotPasswordPage() {
   const handleSubmit = async (e: React.FormEvent) => {
     e.preventDefault();
     setLoading(true);
-    const supabase = createClientComponentClient();
+    const supabase = createClient();
     const { error } = await supabase.auth.resetPasswordForEmail(email, {
       redirectTo: `${window.location.origin}/reset-password`,
     });

src/components/features/auth/reset-password/index.tsx

@@ -5,7 +5,7 @@ import { useRouter, useSearchParams } from 'next/navigation';
 import { Button } from '@/components/ui/button';
 import { Input } from '@/components/ui/input';
 import { toast } from 'sonner';
-import { createClientComponentClient } from '@supabase/auth-helpers-nextjs';
+import { createClient } from '@/utils/client';
 import Link from 'next/link';
 import Image from 'next/image';
 
@@ -17,7 +17,7 @@ export default function ResetPasswordPage() {
   const handleSubmit = async (e: React.FormEvent) => {
     e.preventDefault();
     setLoading(true);
-    const supabase = createClientComponentClient();
+    const supabase = createClient();
     const { error } = await supabase.auth.updateUser({ password });
     setLoading(false);
     if (error) {

src/components/features/side-bar/components/side-bar.tsx

@@ -1,20 +1,19 @@
 import * as React from 'react';
-import { cookies } from 'next/headers';
-import {
-  getCollaboratingWorkspaces,
-  getFolders,
-  getPrivateWorkspaces,
-  getSharedWorkspaces,
-  getUserSubscriptionStatus,
-} from '@/lib/supabase/queries';
 import { twMerge } from 'tailwind-merge';
 import WorkSpaceDropdown from '../../main/workspace';
 import PlanUsage from './plan-usage';
 import NativeNavigation from './native-navigation';
 import { ScrollArea } from '@/components/ui/scroll-area';
 import FoldersDropdownList from './folders-dropdown-list';
 import UserCard from './user-card';
-import { createServerComponentClient } from '@supabase/auth-helpers-nextjs';
+import { createClient } from '@/utils/server';
+import {
+  getCollaboratingWorkspaces,
+  getFolders,
+  getPrivateWorkspaces,
+  getSharedWorkspaces,
+  getUserSubscriptionStatus,
+} from '@/lib/supabase/queries';
 
 interface ISidebarProps {
   params: Promise<{ workspaceId: string }>;
@@ -25,7 +24,7 @@ const Sidebar = async ({ params, className }: ISidebarProps) => {
   // Await the params object to fix Next.js dynamic API issue
   const { workspaceId } = await params;
 
-  const supabase = createServerComponentClient({ cookies });
+  const supabase = await createClient();
 
   //user
   const {

src/components/features/side-bar/components/user-card.tsx

@@ -6,7 +6,7 @@ import CypressProfileIcon from '../../../icons/cypressProfileIcon';
 import { ModeToggle, LogoutButton } from '../../../global-components';
 import { LogOut } from 'lucide-react';
 import { Loader } from '@/components/global-components';
-import { createServerComponentClient } from '@supabase/auth-helpers-nextjs';
+import { createClient } from '@/utils/server';
 import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from '@/components/ui/tooltip';
 import { postgrestGet } from '@/utils/client';
 
@@ -15,7 +15,7 @@ interface UserCardProps {
 }
 
 const UserCard = async ({ subscription }: UserCardProps) => {
-  const supabase = createServerComponentClient({ cookies });
+  const supabase = await createClient();
   const {
     data: { user },
   } = await supabase.auth.getUser();

src/lib/server-action/auth-action.ts

@@ -80,10 +80,19 @@ export async function actionLoginUser({ email, password }: z.infer<typeof FormSc
 export async function socialLogin(provider: 'google' | 'github') {
   const supabase = await createClient();
   console.log('\n\nprovider', provider);
+
+  // Use server-side OAuth flow to avoid PKCE issues
   const { data, error } = await supabase.auth.signInWithOAuth({
     provider,
     options: {
       redirectTo: `${process.env.NEXT_PUBLIC_SITE_URL}/api/auth/callback`,
+      // Force server-side flow to avoid PKCE issues
+      flowType: 'pkce',
+      // Ensure we're using the correct site URL
+      queryParams: {
+        access_type: 'offline',
+        prompt: 'consent',
+      },
     },
   });
 

src/utils/client.ts

@@ -1,14 +1,47 @@
 import { createBrowserClient } from '@supabase/ssr';
 
+// Determine the correct Supabase URL and key based on environment
+const getSupabaseConfig = () => {
+  if (typeof window !== 'undefined') {
+    // Client-side: always use NEXT_PUBLIC variables
+    return {
+      url: process.env.NEXT_PUBLIC_SUPABASE_URL!,
+      anonKey: process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    };
+  }
+  
+  // Server-side: use environment-specific variables
+  if (process.env.NODE_ENV === 'production') {
+    return {
+      url: process.env.SUPABASE_URL!,
+      anonKey: process.env.SUPABASE_ANON_KEY!,
+    };
+  }
+  
+  return {
+    url: process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    anonKey: process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+  };
+};
+
+const config = getSupabaseConfig();
+
 export const client = createBrowserClient(
-  process.env.NEXT_PUBLIC_SUPABASE_URL!,
-  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+  config.url,
+  config.anonKey,
   {
     realtime: {
       params: {
         eventsPerSecond: 2,
       },
     },
+    auth: {
+      // Ensure proper auth flow
+      flowType: 'pkce',
+      autoRefreshToken: true,
+      persistSession: true,
+      detectSessionInUrl: true,
+    },
   }
 );