Best Practice: Managing User Data with JWT and getSession() in Next.js + Supabase
Unanswered
MatheusDeveloper posted this in #help-forum
Has anyone who has used Supabase come across this situation?
I'm developing an application with Next.js and Supabase where I need to access and customize user data (such as user type, plan, and available items) across different parts of the system. Currently, I use a custom_access_token_hook function to add this data to the JWT. I also noticed the need to customize the result of Supabase's getSession() to include this additional information.
My question is: Does it make sense to customize and use both methods (JWT and getSession) to access user data, or should I focus on just one of them?
If I customize both, how can I ensure consistency between them?
What would be the pros and cons of each approach in terms of performance, security, and maintainability? Considering that I need this data both on the client and the server, what would be the most efficient strategy to implement and maintain these customizations?
13 Replies
Hmm @MatheusDeveloper Then you mean you don't have another table for your extra data?
@James4u Yes, I do have extra data stored in my database (for example, user type, plan, and available items), but my question is more about where and how to access this data efficiently within my application.
Currently, I'm adding this extra data to the JWT using a custom hook (custom_access_token_hook), so I can access it easily on the frontend without making additional requests to the server. However, I'm also considering customizing the getSession() result to include this data when fetching user information on the server side.
I'm wondering if it's a good idea to manage user data through both the JWT and getSession(), or if I should just focus on one of these methods. My concern is about performance, security, and ensuring consistency between the two, especially since I need to access the data both on the client and server side.
Would love to hear your thoughts!
Are you currently using app router?
anyway I think you are overkilling
for displaying those data on different parts of your application, use server components and just query your db - assuming you know you don't have performance issue there as you can cache your db query
and also after some mutation, you can revalidate the cache to show new data
Thanks for the insights, @James4u
Yes, I am using the app router with server components. You're right, I might be overcomplicating things by managing the data both through the JWT and getSession().
From what you're suggesting, it seems like querying the database directly in server components and caching the results would simplify things, especially with revalidation after any mutations.
I'll look into adjusting my approach to rely more on direct DB queries instead of overusing the JWT. Do you have any tips or best practices for managing cache revalidation efficiently with this setup?
check out this page for caching db queries
or you can also use cache from react
https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations#revalidating-data
and also this one for the revalidation.
it's simple, in your server action or api route, after mutation just call revalidatePath or revalidateTag to purge cache
if your data is being changed by outside, I think the only way is to adjust the revalidation interval timeoffset
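Added example, not part of the thread and not Supabase or Next.js code: a plain Node.js sketch of the consistency question raised above, showing that claims written into a JWT at issuance drift from the database after a mutation, while a per-user cached query that is purged after the mutation stays current. The table contents, the token, and the helpers `cached`, `purgeTag`, `getProfile`, `changePlan`, `decodeClaims` and `claimDrift` are all hypothetical; `purgeTag` only plays the role that `revalidateTag` has in the thread.

```javascript
// Constructed in-memory table; stands in for the database rows holding the extra user data.
const db = new Map([["user-1", { user_type: "member", plan: "free" }]]);
let dbReads = 0;

// Minimal tag-aware cache (hypothetical helper standing in for a framework data cache).
const cache = new Map(); // key -> { value, tags }
function cached(key, tags, load) {
  if (!cache.has(key)) cache.set(key, { value: load(), tags });
  return cache.get(key).value;
}

// Drop every cache entry that carries the given tag.
function purgeTag(tag) {
  for (const [key, entry] of cache) if (entry.tags.includes(tag)) cache.delete(key);
}

// Key and tag both include the user id, so one user's row is never served to another user.
function getProfile(userId) {
  return cached(`profile:${userId}`, [`profile:${userId}`], () => {
    dbReads += 1;
    return { ...db.get(userId) };
  });
}

// Mutation followed immediately by a purge of that user's cached profile.
function changePlan(userId, plan) {
  db.set(userId, { ...db.get(userId), plan });
  purgeTag(`profile:${userId}`);
}

// Decodes the JWT payload WITHOUT verifying it; assumes the auth layer already checked the signature.
function decodeClaims(jwt) {
  return JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString("utf8"));
}

// Fields where the claims issued at login no longer match the database row.
function claimDrift(claims, profile) {
  return Object.keys(profile).filter((k) => claims[k] !== profile[k]);
}

// Constructed token (placeholder signature) carrying the claims a token hook would add at issuance.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const token = [
  b64({ alg: "HS256", typ: "JWT" }),
  b64({ sub: "user-1", user_type: "member", plan: "free" }),
  "constructed-signature",
].join(".");
```

Until the token is refreshed, `claimDrift` keeps reporting `plan` after `changePlan` runs, which is why server-side decisions about plan or user type are safer read from the database row than from the claim.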