WeWeb / Supabase - Refresh Session

Ask us anything
1

Please help!

I’m working with Supabase and use the new “Data&API” Tab, so I dont have any plugins installed.

A user can have multiple tenants and therefore I store the tenants ID in my JWT (app_metadata).

I use a invoke edge function in order to switch the tenant and store the tenant_id in the JWT - BUT - after that I need to refresh the session in order to use that new tenant id but I simply can’t refresh the session as the new native Supabase integration doesn’t give the function “refresh”.

If I now use the Supabase auth plugin in order to get the refresh session, I can’t access the invoke edge function anymore. it’s a nightmare.

also I tried custom JS in order to refresh but I always get an error as apparently weweb changed a lot of its editor architecture?!

this is the JS code:


// Get the Supabase integration instance
const supabase = wwLib.getIntegration(‘supabase’).instance;

// Force a session refresh to retrieve the updated JWT with new tenant claims
const { data, error } = await supabase.auth.refreshSession();

if (error) {
wwLib.log.error(‘Failed to refresh session:’, error.message);
throw error;
}

return data.session;

(its from we webs ai, but similar to gemini and gpt)

the “bulletproof js that should DEFINITELY work (haha ): ) is this one:

try {
// 1. Locate the Supabase Auth instance
// WeWeb typically uses ‘supabaseAuth’ or ‘supabase’ as the plugin ID
const supabasePlugin = wwLib.wwPlugins.supabaseAuth || wwLib.wwPlugins.supabase;

if (!supabasePlugin || !supabasePlugin.instance) {
    throw new Error('Supabase integration not found. Please ensure the Supabase Auth plugin is installed.');
}

const supabase = supabasePlugin.instance;

// 2. Force a session refresh
// This calls the Supabase API to exchange the refresh token for a new access token
// containing the updated 'app_metadata' (the new tenant claims).
const { data, error } = await supabase.auth.refreshSession();

if (error) {
    wwLib.log.error('Supabase Refresh Error:', error.message);
    return { success: false, error: error.message };
}

// 3. Update the global session context in WeWeb
// This ensures that subsequent requests use the new JWT
return {
    success: true,
    session: data.session,
    accessToken: data.session.access_token
};

} catch (err) {
wwLib.log.error(‘Workflow JS Error:’, err.message);
throw err;
}

Anyone can help me with this one? feels like the new weweb + Supabase is not too recommendable.

2

Hey @maxi :waving_hand:

Refresh sessions are managed automatically with the new Supabase integration.

Can you try without any custom code? It should work out of the box. If not, can you share a short video walkthrough of how things are setup on your side and where the flow breaks down?

3

Thank you so much for the clarification. Unfortunately, it still doesn’t work. I’ll send you the screen recording.

4

Thanks for taking the time to put a video together @maxi !

Let me see if I understand correctly:

  • in the UI, admins can select a different company/tenant
  • when that different company is selected, you want to trigger a workflow that invokes an edge function (to update the selected company/tenant), wait 1000ms and then fetch a user based on the response returned by the edge function

Is that correct?

5

Thank you so much for answering :smiley:

It’s a multi tenancy SaaS, so I have a user that is assigned to one or many tenants. based on that tenant, I fetch the data that relate to the current active tenant.

so, if I click on the menu and switch tenant, I have that edge function triggered that basically says active tenant = inputs value, authenticate with the bearer key… then in the db the active tenant gets updated (is_active=true) and the active tenants id gets saved in the users JWT.

I hope you could understand haha

What happens then is that I need to manually refresh the session in order to get the updated JWT, as PROBABLY the edge function doesn’t trigger the auto session refresh…. (thats my guess for now).

6

Okayyyy I think I understand the use case now but I’m not sure what the best approach would be. Let me ask the tech team for their thoughts on this and get back to you :slight_smile: