Whenever you need to add logic inside `supabase.auth.onAuthStateChange`, review the Supabase docs for it first: https://supabase.com/docs/reference/javascript/auth-onauthstatechange
Pay particular attention to the warning about not using an async function as its callback:
Important: A callback can be an async function and it runs synchronously during the processing of the changes causing the event. You can easily create a dead-lock by using await on a call to another method of the Supabase library.
- Avoid using async functions as callbacks.
- Limit the number of await calls in async callbacks.
- Do not use other Supabase functions in the callback function. If you must, dispatch the functions once the callback has finished executing. Use this as a quick way to achieve this:
```js
supabase.auth.onAuthStateChange((event, session) => {
  setTimeout(async () => {
    // await on other Supabase function here
    // this runs right after the callback has finished
  }, 0)
})
```

- When using `SECURITY DEFINER` always specify `SET search_path = ''`, for example:
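```sql
CREATE OR REPLACE FUNCTION public.handle_new_user()
RETURNS trigger
LANGUAGE plpgsql
-- The function-level SET clause pins search_path for the duration of each call
-- and restores the caller's value on exit.
SECURITY DEFINER SET search_path = ''
AS $function$
BEGIN
  -- No SET inside the body: a plain SET here would override the clause above
  -- and keep the empty search_path in effect after the function returns.
  -- With an empty search_path every object must be schema-qualified.
  INSERT INTO public.profiles (id, email, name)
  VALUES (new.id, new.email, COALESCE(new.raw_user_meta_data->>'name', ''));
  RETURN NEW;
END;
$function$;
```

When creating an Edge Function to act as a webhook for an external service like Stripe, make sure to add the following to `supabase/config.toml` (replacing `stripe-webhook` with the name of the Edge Function):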
```toml
[functions.stripe-webhook]
verify_jwt = false
```

This will allow external systems to invoke the Edge Function without Supabase looking for a valid token.