## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified API key changes (new publishable/secret scheme, where to
obtain each, legacy keys valid through end of 2026) and updated many
getting-started tutorials with clearer setup, flow, and auth guidance.
* **New Features**
* Added/expanded profile photo/avatar upload and account integration
steps across multiple tutorials.
* **Guides**
* Added guidance on auth helper methods and when to use them.
* **Examples**
* Example app updated to use token claims for auth state.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Katerina Skroumpelou <mandarini@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated examples and guides to use Supabase publishable (client) keys
instead of anon keys for client-side usage across frameworks and
platforms.
* Renamed environment variable examples and .env templates to reflect
publishable key naming.
* Adjusted sample requests and client-init examples to send/use the
publishable key via the apikey header where applicable.
* Updated references from service_role to secret for server-side
credential guidance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: fadymak <fady@fadymak.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs - [React Native Expo user management
guide](https://supabase.com/docs/guides/getting-started/tutorials/with-expo-react-native)
## What is the new behavior?
Guide has been updated to be in line with #42269
- Removing `@rneui/themed` package and using native components.
- Update guide screenshot.
- Main stylesheet for the example.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Documentation
- Updated Expo React Native tutorial with modernized component approach
using React Native primitives and centralized styling patterns.
- Simplified codebase examples with consistent formatting and improved
maintainability.
- Core functionality preserved with updated implementation patterns.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Replaces "stored procedures" with "functions" for everything related to
the Data API.
## Additional context
It's not accurate to call database functions "stored procedures". It may
have been that way before Postgres 11, but now it causes confusion
because PostgREST allows functions and not stored procedures.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Standardized terminology across docs, SDK guides, CLI/config specs,
examples, UI, and config comments to use "database functions" instead of
"stored procedures".
* Updated API docs, CLI/config descriptions, Studio UI labels, help
text, empty-state and navigation copy, RPC documentation, and example
text for consistency.
* Adjusted explanatory text and error/help messages to reflect the
revised terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Use latest 2.x version of `@supabase/supabase-js` in all examples
* Use `latest` version of `@supabase/ssr` in all examples
* Remove lock files from examples
* Add examples lock files in .gitignore
The rationale is:
- Lock files are not actively maintained/updated (or the versions in the
package.json files for that matter)
- They pin an arbitrary version (from the end-user perspective)
- Removes the need to manually update the versions and reinstall
- Consistency
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Chores**
* Broadened Supabase SDK dependency version constraints across example
projects for greater flexibility with compatible updates
* Updated some SSR package dependencies to track latest releases
* Added gitignore rules for dependency lock files in example directories
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the current behavior?
Inconsistent naming of publishable key environment variables across
dashboard, docs, ai skills, templates etc
## What is the new behavior?
Consistent naming of publishable key environment variables across
dashboard, docs, ai skills, templates etc
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated environment variable naming across example projects. Changed
`VITE_SUPABASE_PUBLISHABLE_DEFAULT_KEY` to
`VITE_SUPABASE_PUBLISHABLE_KEY` in configuration and initialization
files for the React quickstart and user-management examples.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## What
Updates all `setAll` cookie handler implementations across docs and
examples to accept the new `headers` second argument introduced in
`@supabase/ssr` v0.10.0
([supabase/ssr#176](https://github.com/supabase/ssr/pull/176)).
## Why
`@supabase/ssr` v0.10.0 introduced a breaking change: `setAll` now
receives a required second argument `headers: Record<string, string>`
alongside the cookies array. When a token refresh occurs, the library
passes cache headers (`Cache-Control`, `Expires`, `Pragma`) that must be
applied to the HTTP response to prevent CDN caching of auth responses.
Because TypeScript allows functions with fewer parameters to satisfy a
type expecting more, existing `setAll` implementations do not produce a
type error when the second argument is omitted. Users who copy an
outdated snippet will silently miss the CDN protection.
Root cause and context:
[supabase/supabase-js#1682](https://github.com/supabase/supabase-js/issues/1682)
## Changes
**Proxy/middleware contexts** (where token refreshes happen) now apply
the cache headers to their response:
- Next.js proxy files: `supabaseResponse.headers.set(key, value)`
- SvelteKit hooks: `event.setHeaders(headers)`
- Hono middleware: `c.header(key, value)`
- Pages Router (Express-style): `ctx.res.setHeader(key, value)`
- Remix/React Router loaders and actions: applied to response headers
(outer `headers` variable renamed to `responseHeaders` to avoid naming
conflict with the new param)
**Server Component and API route contexts** (no response object
available) accept `_headers` without applying them.
## Files updated
- `apps/docs/content/guides/auth/server-side/creating-a-client.mdx`
(inline Astro, Remix, React Router, Express snippets)
- `apps/docs/content/_partials/oauth_pkce_flow.mdx`
- `apps/docs/content/guides/auth/oauth-server/getting-started.mdx`
- `apps/docs/content/guides/auth/passwords.mdx`
-
`apps/docs/content/troubleshooting/how-to-migrate-from-supabase-auth-helpers-to-ssr-package-5NRunM.mdx`
- `examples/auth/nextjs/`, `examples/auth/nextjs-full/` (proxy + server)
- `examples/auth/sveltekit/`, `examples/auth/sveltekit-full/`
- `examples/auth/hono/`, `examples/auth/hono-full/`
- `examples/user-management/nextjs-user-management/` (proxy + server)
- `examples/user-management/sveltekit-user-management/`
- `examples/realtime/nextjs-authorization-demo/` (proxy + server)
- `examples/realtime/nextjs-auth-presence/` (pages router)
- `examples/prompts/nextjs-supabase-auth.md`
### What kind of change does this PR introduce?
Bug fix — corrects a TypeScript initialization error in the Angular user
management tutorial example.
### What is the current behavior?
In the Angular tutorial's `AuthComponent`, `signInForm` is declared with
a non-null assertion (`signInForm!: FormGroup`) and initialized inside
`ngOnInit()`. This causes a TypeScript strict-mode error because
`formBuilder` is used before the constructor runs. Developers following
the tutorial encounter:
> Property 'formBuilder' is used before being initialized.
### What is the new behavior?
`signInForm` is now initialized in the constructor, matching the pattern
already used by `AccountComponent` in the same example project. The
non-null assertion is removed since the property is properly assigned
during construction.
### Changes
**`examples/user-management/angular-user-management/src/app/auth/auth.component.ts`**
- Moved `signInForm` initialization from `ngOnInit()` into the
constructor
- Removed non-null assertion operator (`!`) from `signInForm`
declaration
- Reordered property declarations for consistency (`loading` before
`signInForm`)
### Additional context
The sibling `AccountComponent` already follows the correct pattern —
initializing `updateProfileForm` inside the constructor (line 35). This
PR aligns `AuthComponent` with that established convention.
Closes#34392
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a loading indicator state to the authentication form.
* **Refactor**
* Restructured form initialization logic for improved component setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
Documentation update
## What is the current behavior?
The Refine tutorial uses `supabaseClient.auth.getSession()` in the
`authProvider.check` method to verify authentication. `getSession` is
deprecated and not recommended for auth verification.
## What is the new behavior?
Replaced `getSession()` with `getClaims()` which reads claims from the
locally cached JWT. This is the recommended approach as mentioned in the
issue.
## Files changed
- `apps/docs/content/guides/getting-started/tutorials/with-refine.mdx` —
Updated `check` method in the authProvider code example
-
`examples/user-management/refine-user-management/src/providers/auth-provider.ts`
— Updated the corresponding example code to match
Closes#42193
---------
Co-authored-by: gorillaworkout <bayudarmawan215@gmail.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Fixes#42192
Replaces the deprecated `getSession` call with `getClaims` in the
SolidJS tutorial documentation (`with-solidjs.mdx`).
Changes:
- `supabase.auth.getSession()` → `supabase.auth.getClaims()`
- `data.session` → `data.claims`
This follows the recommended migration pattern per the Supabase auth
docs, and is consistent with the same fix applied to the Refine tutorial
in #43006.
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Simplified React getting-started tutorial: concise, action-oriented
steps, inline code replaced by external sample references, removed the
Bonus: Profile photos section, and expanded README guidance and setup
steps.
* **Examples**
* User-management example converted to a user-focused auth flow with
safer unmount handling, adjusted profile/account interactions, and
updated sample references.
* **Chores**
* Upgraded example dependencies and tooling to align with newer React
and ecosystem versions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Quickstart next 16 update
* Fix paths and env vars
* docs: refactor nextjs server-side auth to use Proxy instead of middleware
* docs: refactor nextjs server-side auth to match proxy
* docs: refactor nextjs example to match Proxy
* docs: refactor nextjs auth AI prompt to match Proxy
* docs: refactor nextjs sentry telemetry integration to match Proxy
* examples: update nextjs realtime example to match middleware
* docs: refactoring guides to use nextjs proxy
* examples: update nextjs-full example to match Next16 template
* example: update nextjs-user-management to match nextjs 16
* docs: refactoring nextjs user-management tutorial to use typescript only
* docs: refactoring nextjs quickstart, removing step 4
since this step is already included on `with-supabase` template, we can
just remove this redundant step
* docs: auth-helpers nextjs pages, Nextjs16 proxy disclaimer
* stamp: lint
* stamp: revert 'NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY'
* stamp: nextjs examples, revert to use cookie options
* fix(docs): typo
* docs: updating nextjs-auth troubleshoot guide to match proxy
* Update apps/docs/content/guides/getting-started/quickstarts/nextjs.mdx
* Revert auth-helpers changes
* Revert auth-helpers content
* Apply suggestions from code review
* Update apps/docs/content/troubleshooting/how-do-you-troubleshoot-nextjs---supabase-auth-issues-riMCZV.mdx
* Update apps/docs/content/troubleshooting/how-do-you-troubleshoot-nextjs---supabase-auth-issues-riMCZV.mdx
* Update apps/docs/content/troubleshooting/how-do-you-troubleshoot-nextjs---supabase-auth-issues-riMCZV.mdx
* Update apps/docs/content/troubleshooting/how-do-you-troubleshoot-nextjs---supabase-auth-issues-riMCZV.mdx
* Apply suggestions from code review
* Prettier
---------
Co-authored-by: kallebysantos <kalleby_santos@hotmail.com>
* docs: remove link to token-transformer since that repo has since been refactored and no particular file contains the code originally linked to
* docs: update Redis link in rate limiting examples to point to the correct URL
* docs: update Supabase URLs to current magic link docs
* docs: update README for postgres-on-the-edge function to remove polyscale line (service no longer exists) and add resource links to relevant deno blog post
* docs: update Open Graph image generation examples links to the new documentation URL
* docs: update README with new Quickstart: Swift guide URL
* docs: update Supabase Vector links to reflect new URL
* docs: add two new link suggestions the replace the current broken one. Choose one.
* docs: update documentation links for Postgres Language Server to reflect new URL
* docs: update event trigger matrix documentation link to compensate for fact that 'current' verb does not work for some of their links
* Update apps/docs/content/troubleshooting/supabase-grafana-memory-charts.mdx
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
* docs: update Refine svg in HeroFrameworks
* docs: use capital R for Refine mentions
* docs: use main branch for Refine repository references
* docs: update connect interface example code for Refine
* docs: update Refine quick start tutorial with Refine v5
* examples(refine-user-management): upgrade to Refine v5
* docs: update Refine getting started tutorial with Refine v5
* chore(studio): update Refine icon on Connect modal
* docs: update Refine svg
* docs: update welcome screen screenshot in Refine tutorial
* docs: update dimensions of welcome screen screenshot in Refine tutorial
* chore: remove leftover dist assets from Refine example
* chore(linter): add Refine to Rule001 and Rule003
* chore: format getting started with Refine.mdx
* chore: remove .prettierrc file from the example
* Draft
* Update text for guide
* Update text for guide
* Update code for newer next js versions
* Final small change
* Update apps/docs/content/_partials/project_setup.mdx
Co-authored-by: Charis <26616127+charislam@users.noreply.github.com>
* Changes from review
* Use project name in tutorial text
* Fix up inclusion
* Fix inclusion
* Prettier
---------
Co-authored-by: Charis <26616127+charislam@users.noreply.github.com>
* General updates and switch to Svelte 5
* Update code example to Svelte 5
* Update some examples to use codesamples component
* Add Svelte to codesample component
* Final code updates
* Add more CodeSample components
* Refactor login_page with a _showSnackBar function
* Add an onError block to onAuthStateChange
Errors get swallowed without this error handler, I noticed it when I had requested too many magic link emails, there was no feedback in the ui, nor in the logs in the console.
* Fix SnackBars not being displayed and add a _showSnackBar function
* Fix code samples for login_page.dart and account_page.dart to reflect fixes in #27104
* Fix isError not being passed for an Unexpected Error in login_page
* Update flutter user management example to a more modern code
* Update the guide to match the new content
* run formatter
* got rid of excess code and minor format fix
---------
Co-authored-by: dshukertjr <dshukertjr@gmail.com>
Chris Chinchilla