createServerClient causes too many /token requests

[Jordaneisenburger]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

When doing a query to supabase using the createServerClient it causes /token to be requested 4 times. This causes Rate limit issues when for example on localhost I cntrl + reload the page 10 times quickly we already hit that limit

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

• Create a new nextjs app (app router)
• Create a utils/supabase/server.ts file with contents below

// This code comes from https://supabase.com/docs/guides/auth/server-side/nextjs
import { createServerClient, type CookieOptions } from '@supabase/ssr'
import { cookies } from 'next/headers'

export function createClient() {
  const cookieStore = cookies()

  return createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookies: {
        get(name: string) {
          return cookieStore.get(name)?.value
        },
        set(name: string, value: string, options: CookieOptions) {
          try {
            cookieStore.set({ name, value, ...options })
          } catch (error) {
            // The `set` method was called from a Server Component.
            // This can be ignored if you have middleware refreshing
            // user sessions.
          }
        },
        remove(name: string, options: CookieOptions) {
          try {
            cookieStore.set({ name, value: '', ...options })
          } catch (error) {
            // The `delete` method was called from a Server Component.
            // This can be ignored if you have middleware refreshing
            // user sessions.
          }
        },
      },
    }
  )
}

• Adjust the homepage to look like file below (query whatever table you want just make sure to use the id)

import { createClient } from '@/utils/supabase/server/getSupabaseClient';

export default async function Home() {
    const supabase = createClient();
    const res = await supabase.auth.getUser();

    const { data, error } = await supabase
        .from('profiles')
        .select('name')
        .eq('id', res.data?.user?.id!)
        .single();

    return 'something';
}

• build the nextjs project & start the nextjs production server
• Load the page and inspect the Supabase Auth logs
  

So from my observations it seems that await supabase.auth.getUser(); causes 2 /token requests and await supabase .from('profiles') is doing 2 additional /token requests

The /user is also happening twice but this isn't causing problems for now but I don't think should happen either.

Expected behavior

I'd expect the queries to only happen once

[Jordaneisenburger]

This also happens on a clean supabase / nextjs starter project (npx create-next-app -e with-supabase), the issue might not be directly supabase related in a sense that when you add a console.log('parent') to app/page.tsx in your application and then go ahead and do some tailwindcss changes to DeployButton.tsx it will cause the parent to rerender and you will see the console.log now if this parent server component were to do 2 db queries to supabase everytime you change css changes it will trigger the way to many /token requests making a very hard to work as you constantly hit the limits.

[hf]

Too many /token requests are indicative of a badly configured Next.js setup.

Please provide us with the middleware.ts file.

[Jordaneisenburger]

Too many /token requests are indicative of a badly configured Next.js setup.

Please provide us with the middleware.ts file.

responded in the support ticket

[Bilal-io]

@Jordaneisenburger I assume you have fixed your issue by now.
I was having the same where the cookie gets cleared and rate limit error. Silly me, I had my computer date changed to the future to test another feature and never reverted it, which caused the cookie to always appear as expired.