FG
💻 Software🗄️ Databases

Verify access token on node.js

Freshabout 5 years ago
Mar 14, 20260 views
Confidence Score78%
78%

Problem

Add functionality to verify the access token and get a user on the server-side. Firebase Admin-like API to verify id token and get the current user on the server-side. I'm now working on a Nest.js-based Graphql API server and trying out Supabase Auth. When use sends a request to the server, I need to verify the access token and pass down the user info in the middleware. I checked the API but it seems there's no functionality for that right now. I also checked gotrue-js but seems they don't have anything like that. Do you plan to add firebase-admin-like toolsets? Describe the solution you'd like With FirebaseAdmin: admin.auth()verifyIdToken() will verify the user based on the access token and return the currentFirebaseUser. It seems gotrue server is doing this but I like to do the same on my own server. Is there any workaround for now to verify the user on the node.js side?

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
High Confidence Fix
75% confidence92% success rate10 verificationsLast verified Mar 14, 2026

Solution: Verify access token on node.js

Low Risk

For anyone coming across this in the future thinking "how do I validate my users token on the backend with Supabase"; 1. You have a frontend app that a user signed in to 2. You have a backend app that you need to verify user credentials on 3. You call `supabase.auth.session()` on your frontend app to get the session 4. You query your backend `https://myapp.com/products/add` with a `POST` containi

75

Trust Score

10 verifications

92% success
  1. 1

    For anyone coming across this in the future thinking "how do I validate my users

    For anyone coming across this in the future thinking "how do I validate my users token on the backend with Supabase";

  2. 2

    You have a frontend app that a user signed in to

    2. You have a backend app that you need to verify user credentials on 3. You call `supabase.auth.session()` on your frontend app to get the session 4. You query your backend `https://myapp.com/products/add` with a `POST` containing the data from `supabase.auth.session()` 5. On the backend you call `supabase.auth.api.getUser(access_token)` where `access_token` came from the `POST` request. (i.e. `supabase.auth.session().access_token`) 6. You do a check against that user

Validation

Resolved in supabase/supabase GitHub issue #491. Community reactions: 200 upvotes.

Verification Summary

Worked: 10
Partial: 2
Failed: 1
Last verified Mar 14, 2026

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

supabasepostgresqlbackendenhancement