#auth
-
Nuxt + Supabase — four pitfalls from swapping Authorization headers for SSR cookies
A real migration from "client-side localStorage session + Bearer headers everywhere" to "SSR cookies + a server-side OAuth callback route". The post walks through before/after code, then reconstructs the four pitfalls production exposed (OAuth race, service-role env naming, partial SSR redirect, Playwright × Vue hydration race) — plus the Claude Code main-driver + Codex CLI second-reviewer workflow we used while debugging.