Christina's Blog

Supabase Signup Failed: gen_random_bytes() does not exist

The real cause of the Supabase Signup error "gen_random_bytes() does not exist": PostgreSQL SECURITY DEFINER uses a fixed search_path, making pgcrypto functions inaccessible.

supabase

❗ Problem

User signup fails with the following error:

function gen_random_bytes(integer) does not exist
No function matches the given name and argument types
current transaction is aborted, commands ignored until end of transaction block

Symptoms:

  • New users cannot be created
  • Supabase Auth signup continuously fails

🔄 Execution Flow

Client Signup
  ↓
auth.users INSERT
  ↓
AFTER INSERT Trigger
  ↓
create_profile_for_new_user()
  ↓
gen_random_bytes()

🔍 Analysis

gen_random_bytes() is not a PostgreSQL core built-in function. It is provided by the pgcrypto extension.
In Supabase environments, pgcrypto functions are typically installed under the extensions schema: extensions.gen_random_bytes().

During signup, Supabase executes: auth.users → trigger → custom function
This trigger function commonly runs with SECURITY DEFINER.

A SECURITY DEFINER function does not inherit the caller's search_path. PostgreSQL instead uses the search_path recorded at the time the function was created.

If this stored search_path does not include the extensions schema, PostgreSQL cannot resolve gen_random_bytes() even when pgcrypto is installed.

The failure occurs during function lookup, not during extension installation.

đŸŽ¯ Root Cause

Supabase Auth triggers typically execute using SECURITY DEFINER.
In this mode:

  • The function uses the search_path recorded at creation time
  • Non-default schemas (such as extensions) become invisible
  • Functions without explicit schema references fail to resolve

Therefore, the issue is not caused by Supabase Auth, but by schema visibility inside a SECURITY DEFINER execution environment.

✅ Solutions

Explicit schema reference

extensions.gen_random_bytes(16)
-- or
pgcrypto.gen_random_bytes(16)

Set search_path inside the function

CREATE OR REPLACE FUNCTION ...
SECURITY DEFINER
SET search_path = public, extensions;

Alternative: random()

random()

⚠ī¸ Warning:

random() is not cryptographically secure and should NOT be used for tokens, handles, or security-sensitive identifiers.

🛡ī¸ Best Practices

For Auth triggers, avoid:

  • Extension-dependent logic
  • Cross-schema calls
  • Complex business logic

Triggers should only handle:

  • Basic INSERT operations
  • Minimal data initialization

📌 Summary

The gen_random_bytes() error does not mean the function is missing.

Instead:

  • SECURITY DEFINER changes schema visibility
  • search_path excludes the extensions schema
  • pgcrypto functions cannot be resolved

This is fundamentally a PostgreSQL schema visibility issue, not a Supabase bug or extension installation problem.

📎 Applicable Scenarios

This article applies to:

  • Supabase Auth trigger failures
  • PostgreSQL SECURITY DEFINER issues
  • pgcrypto function resolution errors
  • Extension functions failing inside triggers

Christina's Blog

Sharing insights and experiences on technology, learning, and life.

Page Views
Visitors
Updated at:

Š2026 Christina's Blog. All rights reserved.