Skip to content

fix(auth-js): replace Math.random with crypto based UUID to support N… #1839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(auth-js): replace Math.random with crypto based UUID to support N… #1839

wants to merge 1 commit into from

Conversation

@7ttp
Copy link

@7ttp 7ttp commented Nov 9, 2025

Next.js 16 App Router enforces deterministic rendering for Server Components.
The previous uuid() implementation in @supabase/auth-js relied on Math.random(),
which caused prerender errors even when no queries were executed.

This update replaces Math.random() with crypto.getRandomValues in browsers
and crypto.randomFillSync in Node, providing SSR-safe, fully synchronous UUID v4 generation.

Changes

  • Refactored uuid() in packages/auth-js/src/lib/helpers.ts
  • Fully synchronous and UUID v4 compliant
  • Compatible with Node 16+ and modern browsers
  • Resolves SSR/deterministic rendering errors caused by Math.random()

Closes #40273

🔍 Description

Fixes SSR prerender errors in Next.js 16 caused by Math.random() in uuid().

What changed?

Replaced Math.random() with crypto.getRandomValues in browsers and crypto.randomFillSync in Node. Updated uuid() to remain fully synchronous and UUID v4 compliant.

Why was this change needed?

To ensure Server Components render deterministically and prevent Next.js 16 prerender errors.

📸 Screenshots/Examples

N/A — code change only.

🔄 Breaking changes

  • This PR contains no breaking changes

📋 Checklist

  • I have read the Contributing Guidelines
  • My PR title follows the conventional commit format
  • I have run npx nx format to ensure consistent code formatting
  • I have added tests for new functionality (if applicable)
  • I have updated documentation (if applicable)

📝 Additional notes

This is a low-level crypto fix; no functional changes to existing APIs.

@7ttp
fix(auth-js): replace Math.random with crypto based UUID to support N…
1ec737f 
…ext.js 16 SSR

Next.js 16 App Router requires deterministic rendering for Server Components. 
The previous implementation of uuid() in @supabase/auth-js used Math.random(), 
which caused prerender errors even when no queries were executed.

This update replaces Math.random() with crypto.getRandomValues in browsers 
and crypto.randomFillSync in Node, providing SSR-safe, fully synchronous UUID v4 generation.

### Changes
- Refactored uuid() in packages/auth-js/src/lib/helpers.ts
- Fully synchronous and UUID v4 compliant
- Compatible with Node 16+ and modern browsers
- Resolves SSR/deterministic rendering errors caused by Math.random()

Closes #40273
@7ttp 7ttp requested review from a team as code owners November 9, 2025 10:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@7ttp