What would be the best way of verifying that a user is logged in?

Lars Hæhre · 2024-07-28T10:54:29.768+00:00

I want to verify that a user is logged in when accessing /dashboard page. Which one of these would you recommend?1. Doing an API call to Supabase (with the active access token) and see that it actually returns data (which would only be available if user is logged in).2. Checking if there is an active access token (somehow, just read if there is an access token stored in the session)?3. Any better options?Appreciate your perspectives on this one!

Lars Hæhre
1 year ago
I want to verify that a user is logged in when accessing /dashboard page. Which one of these would you recommend?

1. Doing an API call to Supabase (with the active access token) and see that it actually returns data (which would only be available if user is logged in).

2. Checking if there is an active access token (somehow, just read if there is an access token stored in the session)?

3. Any better options?

Appreciate your perspectives on this one! 🤩
Patrick Mast
1 year ago
Hey @Lars Hæhre, excellent question. I'm eager to hear the responses as well. 👍
👍1
Aburio
1 year ago
From my current understanding:

You cannot check if a session cookie exists, so the only way to securely check if a user is logged in is to call GetUser from Supabase. If the token isn't expired, it will return a 200 status with data. If you encounter an error, you should try to refresh the token. However, currently, you cannot set or get the refresh token from a session cookie, so you need to store the refresh token inside local storage. If you cannot find it or if you get an error from the refresh request, your user should be returned to the login screen.
👍1

What would be the best way of verifying that a user is logged in?

Lars Hæhre

Patrick Mast

Aburio