SASL_SIGNATURE_MISMATCH: The server did not return the correct signature about supabase HOT 16 CLOSED

thank you all !!!
sounds stupid! I corrected this by removing the brackets in the database link URL for [password].🤦🤦🤦

from supabase.

Hi there, if it is working with the connection string but not the individual parameters, then there is likely some issue with the library.
I would recommend using the connection string when that works.
If you do need to use the parameters, then you may need to add additional options, such as:

ssl: { rejectUnauthorized: false}

from supabase.

sorry to necro your closed issue but since it was not really resolved with documentation i hope you wont mind.

for anyone else stumbling here during troubleshooting, I confirmed that this issue is likely caused by a version mismatch between the client's pg version(I tested 14) and the remote (v15 as of now).

I'm not sure why it isn't observed in psql (which will warn about the outdated client and does confirm TLS) or why so many people seem to be running into this at once. So, it does seem to be an issue with either Drizzle or possibly the database driver. You can, as @encima suggested, disable SSL as a workaround but in any case, it's ideal to upgrade your client if its outdated. (and resolve the SSL issues as a win-win…)

# Homebrew upgrade

# brew uninstall postgresql
brew update && brew install postgresql@16
pushd /usr/local/opt/postgresql@16/bin

# If you'd prefer not to modify your $PATH
# for file in *; do ln -s "$(pwd)/$file" /usr/local/bin/; done
popd
psql --version

from supabase.

I had the same issue because my password start with $. After change my password, works fine with this setup:

// .env.local
NEXT_PUBLIC_SUPABASE_URL=postgres://postgres.jkjkkjkjkjk:[email protected]:6543/postgres

// db.ts
import { drizzle } from "drizzle-orm/postgres-js";
import postgres from "postgres";

const connectionString = process.env.NEXT_PUBLIC_SUPABASE_URL!;

export const client = postgres(connectionString, { prepare: false });
export const db = drizzle(client);

from supabase.

No need to apologise, this is useful troubleshooting advice! I'll add it to the docs tomorrow

from supabase.

Spent an hour debugging it, here is the result of my investigation

@encima Here is my project reference id: wiowhiztwaqjqzlfqqsh

I changed password a few times because when debugging I reached the pooler logs page and noticed logs such as: ClientHandler: Exchange error: "Wrong password" when method :auth_query immediately followed by ClientHandler: socket closed with reason {:shutdown, :exchange_error}
I guess the error that I see in the terminal is only the last one, when the real error was maybe a password issue.

I changed it multiple time and made sure it was correctly set (console.log in node app) to see how it was read from the .env file.

I tried a few ones, and finally made it by using a password with no special character. -> Might this be the issue ?

Can you confirm the connection string is for your database and not for the connection pooler?
I'm not sure I can tell the difference between the two. I'm using the connection string that I found under Project Settings > Database > Connection string.

It looks like this: postgres://postgres.wiowhiztwaqjqzlfqqsh:[YOUR-PASSWORD]@aws-0-eu-central-1.pooler.supabase.com:5432/postgres

The dashboard looks like this:

Trying @binury connection with psql, it works correctly.

from supabase.

OK, to summarise this:

1. When using postgres tools and libraries, ensure they are the same (or higher) than the version of your target database
2. When using special characters, be sure to encode them

from supabase.

This option didn't help in my situation, so I sticked with the connection string.

from supabase.

Seeing the same issue, randomly, when using postgress.js without Drizzle

from supabase.

meet the same situation, here is my connection init code:

    const queryConnection = postgres(process.env.DATABASE_URL!, {
        ssl: { rejectUnauthorized: false },
        prepare: false
    });

from supabase.

Actually, I cannot connect anymore, @encima I don't know why.
Either with a connection string, with an object, with ssl: { rejectUnauthorized: false }, I am just getting
SASL_SIGNATURE_MISMATCH or SELF_SIGNED_CERT_IN_CHAIN when using the following configuration (cert is the certificate provided by Supabase on the dashboard)

I tried with both pg and postgres.

const client = postgres(import.meta.env.DATABASE_URL, {
  ssl: {
    rejectUnauthorized: false,
   },
})
// SASL_SIGNATURE_MISMATCH

const client = postgres(import.meta.env.DATABASE_URL, {
  ssl: {
    rejectUnauthorized: false,
    cert,
   },
})
// SASL_SIGNATURE_MISMATCH

const client = postgres(import.meta.env.DATABASE_URL, {
  ssl: { cert },
})
// SELF_SIGNED_CERT_IN_CHAIN

const client = postgres(import.meta.env.DATABASE_URL, {
  ssl: {
    rejectUnauthorized: false,
    ca: cert,
   },
})
// SASL: SCRAM-SERVER-FINAL-MESSAGE: server signature is missing

from supabase.

@noook can you lost your project reference here? We can check this but it should be working with the self signed cert.
Can you confirm the connection string is for your database and not for the connection pooler?

from supabase.

Ah, I see you are back coincidentally. Well, @noook one last thing then: If you're still having trouble, I'd suggest trying a 'raw' connection with psql as a starting point for your troubleshooting rather than poking around in your ORM— and make sure that is working first.

export DB_URL = 'postgres://postgres.ktmfkkjaiwfuauiwfh:[YOUR-PASSWORD]@aws-0-us-west-1.pooler.supabase.com:5432/postgres'
psql $DB_URL

GL

from supabase.

check if psql --version is >= 15

also, since you are getting password issues, try e.g.:

import "dotenv/config";
const {
  PGHOST: host,
  PGUSER: user,
  PGDATABASE: database,
  PGPASSWORD: password,
} = process.env;

export const connectionString = `postgresql://${user}:${encodeURIComponent(password)}@${host}`;

// if you need params later…
// const params = new URLSearchParams(Object.entries({}).map(([k, v]) => [k, v.toString()]));
// export const connectionString = `${url}?${params}`;

(this is a Drizzle issue I have noticed. Maybe you've run into it too if supabase happened to generate a password that has URI breaking characters which must be encoded.)

from supabase.

When I ran the code (snippets in the original message of the issue) I adapted the situation in order to not use drizzle and not make it a factor in the equation. The issue might simply be in the connection string passed to the postgres client.

from supabase.

Confirming this. I had the same issue because my DB password contained $ and & in it. I reset it and it is working fine now.

I had the same issue because my password start with $. After change my password, works fine with this setup:

// .env.local
NEXT_PUBLIC_SUPABASE_URL=postgres://postgres.jkjkkjkjkjk:[email protected]:6543/postgres

// db.ts
import { drizzle } from "drizzle-orm/postgres-js";
import postgres from "postgres";

const connectionString = process.env.NEXT_PUBLIC_SUPABASE_URL!;

export const client = postgres(connectionString, { prepare: false });
export const db = drizzle(client);

from supabase.