Upgrade guide
supabase-js v2 focuses on "quality-of-life" improvements for developers and addresses some of the largest pain points in v1. v2 includes type support, a rebuilt Auth library with async methods, improved errors, and more.
No new features will be added to supabase-js v1 , but we'll continuing merging security fixes to v1, with maintenance patches for the next 3 months.
Upgrade the client library#
Install the latest version
_10npm install @supabase/supabase-js@2
Optionally if you are using custom configuration with createClient then follow below:
Read more about the constructor options.
Auth methods#
The signIn() method has been deprecated in favor of more explicit method signatures to help with type hinting. Previously it was difficult for developers to know what they were missing (e.g., a lot of developers didn't realize they could use passwordless magic links).
Sign in with email and password#
_10const { user, error } = await supabase_10 .auth_10 .signIn({ email, password })
Sign in with magic link#
_10const { error } = await supabase_10 .auth_10 .signIn({ email })
Sign in with a third-party provider#
_10const { error } = await supabase_10 .auth_10 .signIn({ provider })
Sign in with phone#
_10const { error } = await supabase_10 .auth_10 .signIn({ phone, password })
Sign in with phone using OTP#
_10const { error } = await supabase_10 .auth_10 .api_10 .sendMobileOTP(phone)
Reset password for email#
_10const { data, error } = await supabase_10 .auth_10 .api_10 .resetPasswordForEmail(email)
Get the user's current session#
Note that auth.getSession reads the auth token and the unencoded session data from the local storage medium. It doesn't send a request back to the Supabase Auth server unless the local session is expired.
You should never trust the unencoded session data if you're writing server code, since it could be tampered with by the sender. If you need verified, trustworthy user data, call auth.getUser instead, which always makes a request to the Auth server to fetch trusted data.
_10const session = supabase.auth.session()
Get the logged-in user#
_10const user = supabase.auth.user()
Update user data for a logged-in user#
_10const { user, error } = await supabase_10 .auth_10 .update({ attributes })
Use a custom access_token JWT with Supabase#
_10const { user, error } = supabase.auth.setAuth(access_token)
Cookie methods#
The cookie-related methods like setAuthCookie and getUserByCookie have been removed.
For Next.js you can use the Auth Helpers to help you manage cookies. If you can't use the Auth Helpers, you can use server-side rendering.
Some the PR for additional background information.
Data methods#
.insert() / .upsert() / .update() / .delete() don't return rows by default: PR.
Previously, these methods return inserted/updated/deleted rows by default (which caused some confusion), and you can opt to not return it by specifying returning: 'minimal'. Now the default behavior is to not return rows. To return inserted/updated/deleted rows, add a .select() call at the end.
Insert and return data#
_10const { data, error } = await supabase_10 .from('my_table')_10 .insert({ new_data })
Update and return data#
_10const { data, error } = await supabase_10 .from('my_table')_10 .update({ new_data })_10 .eq('id', id)
Upsert and return data#
_10const { data, error } = await supabase_10 .from('my_table')_10 .upsert({ new_data })
Delete and return data#
_10const { data, error } = await supabase_10 .from('my_table')_10 .delete()_10 .eq('id', id)
Realtime methods#
Subscribe#
_10const userListener = supabase_10 .from('users')_10 .on('*', (payload) => handleAllEventsPayload(payload.new))_10 .subscribe()
Unsubscribe#
_10userListener.unsubscribe()