Hey everyone, I’m working on a project with Next.js and Supabase. I use middleware to protect routes, validate roles, and refresh the token, and I also have an Auth Context to avoid calling .getUser() on every request or whenever I need user information. I realized I’m calling .getUser() twice: once in the middleware for its operations and again in the context to hydrate it. I suspect that’s not a good practice. How have you handled this in your projects when you’ve faced this situation?
#Next js + Supabase (Auth: Middleware + Context)
You shouldn't just rely on middleware for authorization; always check at the page level (not layout!). Supabase is using JWTs so you're not hitting a database on each request anyways. Do basic checks inside your middleware and anything other than that at the page level.
Yes, layout only runs at start, so when you navigate to the same layout group it will not rerun, thus it won't check. Best practice is either doing it at page level, and try implementing a function for reusability. And normally for getUser I believe cache is also handled by Supabase in the recent change.
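
The reusable page-level check suggested in the replies, as an added example that is not part of the original thread: one guard that every page calls, with `getUser()` resolved at most once per request so repeated checks do not repeat the call. Assumptions: `requireUser`, `getUserOnce` and `AuthError` are hypothetical names, the role is read from `app_metadata.role`, the per-request key is a plain object standing in for whatever request-scoped value the app has, and the Supabase client is a constructed stub that only mimics the `{ data: { user }, error }` shape of `auth.getUser()`.

```javascript
// Added example: page-level auth guard with per-request memoisation.
const userByRequest = new WeakMap(); // request key -> Promise<user | null>

// Resolve the user at most once per request key; later callers share the promise.
function getUserOnce(request, supabase) {
  let pending = userByRequest.get(request);
  if (!pending) {
    pending = supabase.auth.getUser().then(({ data, error }) =>
      error || !data || !data.user ? null : data.user // any error => treated as anonymous
    );
    userByRequest.set(request, pending);
  }
  return pending;
}

class AuthError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Call this at the top of every protected page or route handler.
// allowedRoles = [] means "any signed-in user".
async function requireUser(request, supabase, allowedRoles = []) {
  const user = await getUserOnce(request, supabase);
  if (!user) throw new AuthError(401, "not signed in");
  const role = user.app_metadata && user.app_metadata.role; // assumed role location
  if (allowedRoles.length > 0 && !allowedRoles.includes(role)) {
    throw new AuthError(403, "role not allowed");
  }
  return user;
}

// Constructed stub client that counts how often getUser() is really invoked.
function makeStubClient(user) {
  const stub = { calls: 0, auth: {} };
  stub.auth.getUser = async () => { stub.calls += 1; return { data: { user }, error: null }; };
  return stub;
}

async function demo() {
  const request = {}; // stand-in for one incoming request
  const supabase = makeStubClient({ id: "u1", app_metadata: { role: "editor" } });
  await requireUser(request, supabase);             // page-level check
  await requireUser(request, supabase, ["editor"]); // second check, same request
  let denied = null;
  try { await requireUser(request, supabase, ["admin"]); } catch (e) { denied = e.status; }
  let unauth = null;
  try { await requireUser({}, makeStubClient(null)); } catch (e) { unauth = e.status; }
  return { calls: supabase.calls, denied, unauth };
}
```
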