apps/docs/content/guides/getting-started/tutorials/with-nextjs.mdx
<$Partial path="uiLibCta.mdx" /> <$Partial path="quickstart_intro.mdx" />
<Admonition type="note">If you get stuck while working through this guide, refer to the full example on GitHub.
</Admonition><$Partial path="project_setup.mdx" variables={{ "framework": "nextjs", "tab": "frameworks" }} />
Start building the Next.js app from scratch.
Use create-next-app to initialize an app called supabase-nextjs:
npx create-next-app@latest --ts --use-npm supabase-nextjs
cd supabase-nextjs
Then install the Supabase client library: supabase-js
npm install @supabase/supabase-js
Save the environment variables in a .env.local file at the root of the project, and paste the API URL and the key that you copied earlier.
NEXT_PUBLIC_SUPABASE_URL=YOUR_SUPABASE_URL
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=YOUR_SUPABASE_PUBLISHABLE_KEY
An optional step is to update the CSS file app/globals.css to make the app look better.
You can find the full contents of this file in the example repository.
Next.js is a highly versatile framework offering pre-rendering at build time (SSG), server-side rendering at request time (SSR), API routes, and proxy edge-functions.
To better integrate with the framework, we've created the @supabase/ssr package for Server-Side Auth. It has all the functionalities to quickly configure your Supabase project to use cookies for storing user sessions. Read the Next.js Server-Side Auth guide for more information.
Install the package for Next.js.
npm install @supabase/ssr
There are two different types of clients in Supabase:
We recommend creating the following essential utilities files for creating clients, and organize them within lib/supabase at the root of the project.
Create a client.ts and a server.ts with the following functionalities for client-side Supabase and server-side Supabase, respectively.
<$CodeTabs>
<$CodeSample path="/user-management/nextjs-user-management/lib/supabase/client.ts" lines={[[1, -1]]} meta="name=lib/supabase/client.ts" />
<$CodeSample path="/user-management/nextjs-user-management/lib/supabase/server.ts" lines={[[1, -1]]} meta="name=lib/supabase/server.ts" />
</$CodeTabs>
Since Server Components can't write cookies, you need Proxy to refresh expired Auth tokens and store them.
You can accomplish this by:
supabase.auth.getClaims.request.cookies.set, so they don't attempt to refresh the same token themselves.response.cookies.set.You could also add a matcher, so that the Proxy only runs on routes that access Supabase. For more information, read the Next.js matcher documentation.
<Admonition type="danger">Be careful when protecting pages. The server gets the user session from the cookies, which anyone can spoof.
Most of the time, use supabase.auth.getClaims() to protect pages and user data.
Never trust supabase.auth.getSession() inside server code such as proxy. It isn't guaranteed to revalidate the Auth token.
It's safe to trust getClaims() because it validates the token in storage, either directly or by calling getUser() solely to check the result. It doesn't use the response from getUser() itself, only whether the validation succeeded.
Create a proxy.ts file at the project root and another one within the lib/supabase folder. The lib/supabase file contains the logic for updating the session. The proxy.ts file uses this, which is a Next.js convention.
<$CodeTabs>
<$CodeSample path="/user-management/nextjs-user-management/proxy.ts" lines={[[1, -1]]} meta="name=proxy.ts" />
<$CodeSample path="/user-management/nextjs-user-management/lib/supabase/proxy.ts" lines={[[1, -1]]} meta="name=lib/supabase/proxy.ts" />
</$CodeTabs>
In order to add login/signup page for your application:
Create a new folder named login, containing a page.tsx file with a login/signup form.
<$CodeTabs>
<$CodeSample path="/user-management/nextjs-user-management/app/login/page.tsx" lines={[[1, -1]]} meta="name=app/login/page.tsx" />
</$CodeTabs>
Next, you need to create the login/signup actions to hook up the form to the function. Which does the following:
The cookies method is called before any calls to Supabase, which takes fetch calls out of Next.js's caching. This is important for authenticated data fetches, to ensure that users get access only to their own data.
Read the Next.js docs to learn more about opting out of data caching.
</Admonition>Create the action.ts file in the app/login folder, which contains the login and signup functions and the error/page.tsx file, which displays an error message if the login or signup fails.
<$CodeTabs>
<$CodeSample path="/user-management/nextjs-user-management/app/login/actions.ts" lines={[[1, -1]]} meta="name=app/login/actions.ts" />
<$CodeSample path="/user-management/nextjs-user-management/app/error/page.tsx" lines={[[1, -1]]} meta="name=app/error/page.tsx" />
</$CodeTabs>
Before proceeding, change the email template to support support a server-side authentication flow that sends a token hash:
{{ .ConfirmationURL }} to {{ .SiteURL }}/auth/confirm?token_hash={{ .TokenHash }}&type=email.You can also customize other emails sent out to new users, including the email's looks, content, and query parameters. Check out the settings of your project.
</Admonition>As you are working in a server-side rendering (SSR) environment, you need to create a server endpoint responsible for exchanging the token_hash for a session.
The code performs the following steps:
token_hash query parameter.account page.<$CodeSample path="/user-management/nextjs-user-management/app/auth/confirm/route.ts" lines={[[1, -1]]} meta="name=app/auth/confirm/route.ts" />
After a user signs in, allow them to edit their profile details and manage their account.
Create a new component for that called AccountForm within the app/account folder.
<$CodeSample path="/user-management/nextjs-user-management/app/account/account-form.tsx" lines={[[1, 4], [7, 78], [88, -1]]} meta="name=app/account/account-form.tsx" />
Create an account page for the AccountForm component you just created
<$CodeSample path="/user-management/nextjs-user-management/app/account/page.tsx" lines={[[1, -1]]} meta="name=app/account/page.tsx" />
Create a route handler to handle the sign out from the server side, making sure to check if the user is logged in first.
<$CodeSample path="/user-management/nextjs-user-management/app/auth/signout/route.ts" lines={[[1, -1]]} meta="name=app/auth/signout/route.ts" />
Now you have all the pages, route handlers, and components in place, run the following in a terminal window:
npm run dev
And then open the browser to localhost:3000/login and you should see the completed app.
When you enter your email and password, you will receive an email with the title Confirm Your Signup. Congrats 🎉!!!
Every Supabase project is configured with Storage for managing large files like photos and videos.
Create an avatar widget for the user so that they can upload a profile photo. Start by creating a new component:
<$CodeSample path="/user-management/nextjs-user-management/app/account/avatar.tsx" lines={[[1, -1]]} meta="name=app/account/avatar.tsx" />
Then add the widget to the AccountForm component:
<$CodeSample path="/user-management/nextjs-user-management/app/account/account-form.tsx" lines={[[5, 5], [77, 87], [137, -1]]} meta="name=app/account/account-form.tsx" />
At this stage you have a fully functional application!