[Feature Request / Question] roles array removed from Supabase Auth user object — intentional or oversight?
Hi WeWeb team and community,
After investigating the difference between the old and new Supabase Auth plugin, I realized that the roles array that used to exist in the user object was actually a WeWeb-added feature, not something native to the Supabase JS SDK.
In the old plugin, WeWeb automatically fetched the user’s roles from the database after login and appended them to the user object:
{
"id": "...",
"email": "...",
"role": "authenticated",
"roles": ["admin"], // ← WeWeb fetched and appended this
"_session": {} // ← this too
}
In the new plugin, this extra step was removed, and now the user object only contains what the native Supabase JS SDK returns — no roles, no _session.
My first question to the WeWeb team:
Was this removal intentional by design, or was it an oversight during the plugin refactor?
I can understand if it was intentional — the old approach was opinionated and assumed a specific table structure (roles, users_roles) that not every user follows. Moving toward a thinner, more native SDK wrapper makes sense architecturally.
However, if it was intentional, the migration should have been communicated clearly, because many of us built role-based UI logic directly against user.roles and our apps silently broke after updating the plugin.
Why this matters:
This was one of the most useful features of the WeWeb Supabase plugin. Removing it without a migration guide is a regression that silently breaks existing apps after updating the plugin.
What we’re asking for:
Whether intentional or not, please consider:
- Clarify officially whether this was a design decision or a bug
- Provide a migration guide for apps that relied on
user.roles - Add a built-in action like “Fetch and attach user roles” that can be triggered on login/app load
- Document clearly what changed between plugin versions
Current workaround:
We have to manually fetch roles after login and store them in a WeWeb variable — which works, but adds complexity and is easy to miss on all entry points (login, page refresh, app load).
This feature was a real differentiator for WeWeb’s Supabase integration. Would love to see it come back — or at least get an official explanation of the direction.
Thanks!