AuthSessionMissingError: Auth session missing

[QuDaMyker]

I make a feature ResetPassword in Flutter, when usser request reset password, a email sent to users contains a link to reset

/// Code Flutter
Future<Either<FailModel, bool>> resetPassword({required String email}) async {
    try {
      await supabase.auth.resetPasswordForEmail(
        email,
      );
      return Right(true);
    } catch (e) {
      debugPrint('[AuthController][resetPassword]: ${e.toString()}');
      return Left(FailModel(message: e.toString()));
    }
  }

// code in react web
const supabase = createClient(
  supabaseUrl,
  supabaseKey,
);

async function updatePassword(newPassword) {
  try {
    const { data, error } = await supabase.auth.updateUser({
      password: newPassword,
    });

    if (error) {
      console.error("Error updating password:", error);
      return { error };
    }

    console.log("Password update successful:", data);
    return { data };
  } catch (error) {
    console.error("Unexpected error:", error);
    return { error };
  }
}

export { updatePassword };

I meet a bug in picture, help me with this bug please

[rajnikantwebdev]

Getting the same error, I am using supabase in Next Js as I login and and move to other routes, I lost the access of session somehow. It works for the first time only.

[jagnani73]

Facing the same error

[shadeemerhi]

Facing the same error!

[QuDaMyker]

Need some helps pleaseaa

[rajnikantwebdev]

Auth session missing means, there is no current user. Verify the login, check if there any access token in the cookies, can you share more about your login method.

[QuDaMyker]

I followed to document on Official Supabase to reset the password (Flutter), an email contain a link to reset password sent, user clicked this link to navigate to website custom to reset (certainly, don't have step login there)

[faithandjs]

I have the same error. There is access token in cookies

[dshukertjr]

supabase_flutter and @supabase/ssr both use the PKCE flow by default, which disallows the sign-in to be complete if the sign-in flow was started in one environment (device / browser etc), and the sign-in link was clicked in another environment. You can use the implicit flow if you want to start the sign-in flow in one environment and complete it in another.

You an set what flow to use in the createClient or Supabase.initialize call.

[ThoundsN]

I have the same error , I think I am gonna give up on supabase auth

[FocusCookie]

I had a similar issue today that the session was not forwarded to my middleware in nextjs. After a long day of debugging and searching I went into the supabase discord and I found this posting:

supabase/ssr@7dc1837

Try to use npm i @supabase/ssr@patched for version 4.0.1 this fixes the issue with password recovery

[infinia-yzl]

Life saver. Would have lost more hours on this if not for this post. Thank you ❤️

[Pokeko]

Thank you so much. I hate when it's about something you can't think about :(

[AhamSammich]

Solved my issues! Thanks!

[Vri6500]

wow, thank you for saving me! I already lost 3 hours on this

[JiayiLiuCA]

Saved my day! Thank you!

[rozabond]

I had a similar issues and just solved it from reddit and other forum..

'<'h2'>Reset Password<'/h2'>'

'<'p'>Follow this link to reset the password for your user:<'/p'>'
'<'p'><'a' href="{{ .SiteURL }}?token_hash={{ .TokenHash }}&type=email&redirectUrl={{ .RedirectTo }}&email={{.Email}}&token={{.Token}}">Reset Password<'/a'><'/p'>'
'<'p>{{ .Token }}<'/p'>'

used this email template for reset password to get the token!.

Used the token to sign in to the supabase via upabase.auth.verifyOtp()

The rest work like magic :)

[RemyNtshaykolo]

I’ve spent a considerable amount of time troubleshooting this issue on React Native/Expo, and here’s the solution that finally worked for me. Basically this catch the supabase deeplink redirection and iniatiate a user session using the access token and refresh token included in the redirection url.
I found the solution here : https://blog.theodo.com/2023/03/supabase-reset-password-rn/

import * as Linking from "expo-linking";

Linking.addEventListener("url", async (event) => {
  const parseSupabaseUrl = (url: string) => {
    let parsedUrl = url;
    if (url.includes("#")) {
      parsedUrl = url.replace("#", "?");
    }
    return Linking.parse(parsedUrl);
  };
  const url = parseSupabaseUrl(event.url);

  console.log("parsed url", url);

  const { data: setSessionData, error: setSessionError } =
    await supabase.auth.setSession({
      access_token: url.queryParams.access_token,
      refresh_token: url.queryParams.refresh_token,
    });
  console.log("setSessionData", setSessionData);
  console.log("setSessionError", setSessionError);
});

[gpiechnik2]

I also encountered the same error, but it is simple to solve. Case:

1. a user wants to reset his password, so he fills out a reset form.
2. an email address arrives with the password reset link
3. the user is redirected to a page where he enters the password

So far everything is well described here:

https://supabase.com/docs/guides/auth/passwords?queryGroups=language&language=js

Then there is an error with the session, because the documentation lacks information on how to handle it correctly. My working example:

/api/auth/new-password/route.ts

import { NextResponse } from 'next/server'
import { createClient } from '@/utils/supabase/server'

export async function POST(request: Request) {
    const requestUrl = new URL(request.url)
    const formData = await request.formData()
    const password = String(formData.get('password'))
    const code = requestUrl.searchParams.get('code')

    if (code) {
        const supabase = createClient()
        await supabase.auth.exchangeCodeForSession(code)

        const { data, error } = await supabase.auth.updateUser({
            password: password
        })

        if (error) {
            return NextResponse.json({ error: error }, { status: 500 })
        }
    }

    return NextResponse.redirect(new URL('/dashboard/library', request.url), {
        status: 302,
    })
}

[gpiechnik2]

Also, for some unknown for me reasons avoid using:

const { data, error } = await supabase.auth.getUser()

instead do:

const {
    data: { user },
  } = await supabase.auth.getUser();

I wrote "unknown", because I noticed that when I use the first way, I get the same error as in the thread (it seems to be some problem affecting different use cases)

[phillipo6]

In case anyone stumbles upon this, i had the same error. My problem was setting the siteurl in supabase to 127.0.0.1 and using localhost to access my nextjs frontend. fixed it once i was using the same hostname/ip

[CarrettaRiccardo]

For me it was a situation where i created a supabase createServerClient with SERVICE_ROLE_KEY (without user's cookies) and tried to execute a supabase.auth.updateUser() (which is tied to the user's cookies)

[bigyankarki]

I was working on a mobile app, and my reset password flow was in a site. So i just used this const { data, error } = await this.supabase.auth.admin.updateUserById(userId, { password }); to reset the password in backend.

[skiunke]

I had a similar problem when I forgot to check if a session was available when calling the refresh JWT endpoint.