Name: Nextjs Supabase Auth
Author: Sickn33

Install

Terminal · npx

$npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill nextjs-supabase-auth

Works with Paperclip

How Nextjs Supabase Auth fits into a Paperclip company.

Nextjs Supabase Auth drops into any Paperclip agent that handles this kind of work. Assign it to a specialist inside a pre-configured PaperclipOrg company and the skill becomes available on every heartbeat — no prompt engineering, no tool wiring.

SaaS FactoryPaired

Pre-configured AI company — 18 agents, 18 skills, one-time purchase.

$27$59

Explore pack

Source file

SKILL.md313 linesmarkdown

Expand

1---2name: nextjs-supabase-auth3description: Expert integration of Supabase Auth with Next.js App Router4risk: none5source: vibeship-spawner-skills (Apache 2.0)6date_added: 2026-02-277---8 9# Next.js + Supabase Auth10 11Expert integration of Supabase Auth with Next.js App Router12 13## Capabilities14 15- nextjs-auth16- supabase-auth-nextjs17- auth-middleware18- auth-callback19 20## Prerequisites21 22- Required skills: nextjs-app-router, supabase-backend23 24## Patterns25 26### Supabase Client Setup27 28Create properly configured Supabase clients for different contexts29 30**When to use**: Setting up auth in a Next.js project31 32// lib/supabase/client.ts (Browser client)33'use client'34import { createBrowserClient } from '@supabase/ssr'35 36export function createClient() {37  return createBrowserClient(38    process.env.NEXT_PUBLIC_SUPABASE_URL!,39    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!40  )41}42 43// lib/supabase/server.ts (Server client)44import { createServerClient } from '@supabase/ssr'45import { cookies } from 'next/headers'46 47export async function createClient() {48  const cookieStore = await cookies()49  return createServerClient(50    process.env.NEXT_PUBLIC_SUPABASE_URL!,51    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,52    {53      cookies: {54        getAll() {55          return cookieStore.getAll()56        },57        setAll(cookiesToSet) {58          cookiesToSet.forEach(({ name, value, options }) => {59            cookieStore.set(name, value, options)60          })61        },62      },63    }64  )65}66 67### Auth Middleware68 69Protect routes and refresh sessions in middleware70 71**When to use**: You need route protection or session refresh72 73// middleware.ts74import { createServerClient } from '@supabase/ssr'75import { NextResponse, type NextRequest } from 'next/server'76 77export async function middleware(request: NextRequest) {78  let response = NextResponse.next({ request })79 80  const supabase = createServerClient(81    process.env.NEXT_PUBLIC_SUPABASE_URL!,82    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,83    {84      cookies: {85        getAll() {86          return request.cookies.getAll()87        },88        setAll(cookiesToSet) {89          cookiesToSet.forEach(({ name, value, options }) => {90            response.cookies.set(name, value, options)91          })92        },93      },94    }95  )96 97  // Refresh session if expired98  const { data: { user } } = await supabase.auth.getUser()99 100  // Protect dashboard routes101  if (request.nextUrl.pathname.startsWith('/dashboard') && !user) {102    return NextResponse.redirect(new URL('/login', request.url))103  }104 105  return response106}107 108export const config = {109  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],110}111 112### Auth Callback Route113 114Handle OAuth callback and exchange code for session115 116**When to use**: Using OAuth providers (Google, GitHub, etc.)117 118// app/auth/callback/route.ts119import { createClient } from '@/lib/supabase/server'120import { NextResponse } from 'next/server'121 122export async function GET(request: Request) {123  const { searchParams, origin } = new URL(request.url)124  const code = searchParams.get('code')125  const next = searchParams.get('next') ?? '/'126 127  if (code) {128    const supabase = await createClient()129    const { error } = await supabase.auth.exchangeCodeForSession(code)130    if (!error) {131      return NextResponse.redirect(`${origin}${next}`)132    }133  }134 135  return NextResponse.redirect(`${origin}/auth/error`)136}137 138### Server Action Auth139 140Handle auth operations in Server Actions141 142**When to use**: Login, logout, or signup from Server Components143 144// app/actions/auth.ts145'use server'146import { createClient } from '@/lib/supabase/server'147import { redirect } from 'next/navigation'148import { revalidatePath } from 'next/cache'149 150export async function signIn(formData: FormData) {151  const supabase = await createClient()152  const { error } = await supabase.auth.signInWithPassword({153    email: formData.get('email') as string,154    password: formData.get('password') as string,155  })156 157  if (error) {158    return { error: error.message }159  }160 161  revalidatePath('/', 'layout')162  redirect('/dashboard')163}164 165export async function signOut() {166  const supabase = await createClient()167  await supabase.auth.signOut()168  revalidatePath('/', 'layout')169  redirect('/')170}171 172### Get User in Server Component173 174Access the authenticated user in Server Components175 176**When to use**: Rendering user-specific content server-side177 178// app/dashboard/page.tsx179import { createClient } from '@/lib/supabase/server'180import { redirect } from 'next/navigation'181 182export default async function DashboardPage() {183  const supabase = await createClient()184  const { data: { user } } = await supabase.auth.getUser()185 186  if (!user) {187    redirect('/login')188  }189 190  return (191    <div>192      <h1>Welcome, {user.email}</h1>193    </div>194  )195}196 197## Validation Checks198 199### Using getSession() for Auth Checks200 201Severity: ERROR202 203Message: getSession() doesn't verify the JWT. Use getUser() for secure auth checks.204 205Fix action: Replace getSession() with getUser() for security-critical checks206 207### OAuth Without Callback Route208 209Severity: ERROR210 211Message: Using OAuth but missing callback route at app/auth/callback/route.ts212 213Fix action: Create app/auth/callback/route.ts to handle OAuth redirects214 215### Browser Client in Server Context216 217Severity: ERROR218 219Message: Browser client used in server context. Use createServerClient instead.220 221Fix action: Import and use createServerClient from @supabase/ssr222 223### Protected Routes Without Middleware224 225Severity: WARNING226 227Message: No middleware.ts found. Consider adding middleware for route protection.228 229Fix action: Create middleware.ts to protect routes and refresh sessions230 231### Hardcoded Auth Redirect URL232 233Severity: WARNING234 235Message: Hardcoded localhost redirect. Use origin for environment flexibility.236 237Fix action: Use window.location.origin or process.env.NEXT_PUBLIC_SITE_URL238 239### Auth Call Without Error Handling240 241Severity: WARNING242 243Message: Auth operation without error handling. Always check for errors.244 245Fix action: Destructure { data, error } and handle error case246 247### Auth Action Without Revalidation248 249Severity: WARNING250 251Message: Auth action without revalidatePath. Cache may show stale auth state.252 253Fix action: Add revalidatePath('/', 'layout') after auth operations254 255### Client-Only Route Protection256 257Severity: WARNING258 259Message: Client-side route protection shows flash of content. Use middleware.260 261Fix action: Move protection to middleware.ts for better UX262 263## Collaboration264 265### Delegation Triggers266 267- database|rls|queries|tables -> supabase-backend (Auth needs database layer)268- route|page|component|layout -> nextjs-app-router (Auth needs Next.js patterns)269- deploy|production|vercel -> vercel-deployment (Auth needs deployment config)270- ui|form|button|design -> frontend (Auth needs UI components)271 272### Full Auth Stack273 274Skills: nextjs-supabase-auth, supabase-backend, nextjs-app-router, vercel-deployment275 276Workflow:277 278```2791. Database setup (supabase-backend)2802. Auth implementation (nextjs-supabase-auth)2813. Route protection (nextjs-app-router)2824. Deployment config (vercel-deployment)283```284 285### Protected SaaS286 287Skills: nextjs-supabase-auth, stripe-integration, supabase-backend288 289Workflow:290 291```2921. User authentication (nextjs-supabase-auth)2932. Customer sync (stripe-integration)2943. Subscription gating (supabase-backend)295```296 297## Related Skills298 299Works well with: `nextjs-app-router`, `supabase-backend`300 301## When to Use302- User mentions or implies: supabase auth next303- User mentions or implies: authentication next.js304- User mentions or implies: login supabase305- User mentions or implies: auth middleware306- User mentions or implies: protected route307- User mentions or implies: auth callback308- User mentions or implies: session management309 310## Limitations311- Use this skill only when the task clearly matches the scope described above.312- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.313- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.

Related skills

3d Web Experience

Install 3d Web Experience skill for Claude Code from sickn33/antigravity-awesome-skills.

Agent Memory Mcp

Install Agent Memory Mcp skill for Claude Code from sickn33/antigravity-awesome-skills.

Agent Memory Systems

Install Agent Memory Systems skill for Claude Code from sickn33/antigravity-awesome-skills.